Cloudalus

The Basics of Cloudalus IAM

2025-12-01

Return to articles

A brief overview of the Cloudalus Identity and Access Management (IAM) system.

Cloudalus's Identity and Access Management (IAM) system is a powerful tool that allows you to control who has access to your resources and what they can do with them. It's a fundamental building block of security on Cloudalus, and it's important to understand how it works.

The core of Cloudalus IAM is the concept of a policy. A policy is a JSON document that defines a set of permissions. These permissions can be attached to users, groups, or roles. When a user tries to access a resource, Cloudalus evaluates all the policies that apply to that user and determines whether they have the necessary permissions.

There are three main types of policies in Cloudalus IAM:

  • Identity-based policies are attached to a single user, group, or role. They define the permissions that are granted to that identity.
  • Resource-based policies are attached to a resource, such as a database or a storage bucket. They define who has access to that resource and what they can do with it.
  • Session policies are temporary policies that are created when a user assumes a role. They define the permissions that are granted to the user for that session.

By combining these different types of policies, you can create a flexible and granular access control system that meets the needs of your organization.