

We know how users are (generally) authenticated, but how do we know what it is they're allowed to do once they've been authenticated? Can they just do whatever they like within a system, or do we limit what they can do to specific tasks?


You'll note my spelling of authorisation - with an "s". You'll see it spelt "authorization" too, with a "z". This is simply the difference between British and American English.

Authorisation answers this question: it decides what an authenticated identity is permitted to do, and refuses everything else. As a concept it is simple to explain, but in practice it is a very hard problem to get right.

When we eventually reach the chapter on AWS, you'll see mention of "AWS IAM". IAM means "Identity and Access Management", or in other words: authentication and authorisation.
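As an added illustration of the two ideas above (authorisation as a separate step after authentication, and IAM as authentication plus authorisation), here is a small policy evaluator. It is example code written for this page, not code from the book or from AWS. The rule format, the principal and group names, and the "invoice" actions and resources are all made up for the example; the evaluation order it demonstrates is the part worth keeping: refuse unauthenticated callers before consulting policy, permit nothing unless a rule explicitly allows it, and let any matching deny override any matching allow.

```python
"""Minimal authorisation check layered on top of authentication.

Added example, not code from the original page. The policy language is a
toy loosely inspired by cloud IAM policies: each rule names a principal,
an effect, an action pattern and a resource pattern. The evaluation order
is the point of the example:

  1. an unauthenticated caller is refused before any policy is consulted;
  2. nothing is permitted unless some rule explicitly allows it (default deny);
  3. any matching deny rule wins over any matching allow rule.
"""
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class Rule:
    principal: str   # a user name such as "alice", or a group such as "group:staff"
    effect: str      # "allow" or "deny"
    action: str      # glob pattern, e.g. "invoice:read"; "*" matches any action
    resource: str    # glob pattern, e.g. "invoice/alice/*"


@dataclass(frozen=True)
class Principal:
    """An identity that has already passed authentication."""
    name: str
    groups: FrozenSet[str]


# Constructed sample policy for the example (hypothetical names and actions).
POLICY: List[Rule] = [
    Rule("group:staff", "allow", "invoice:read", "invoice/*"),
    Rule("alice", "allow", "invoice:write", "invoice/alice/*"),
    Rule("group:contractors", "deny", "invoice:*", "invoice/payroll/*"),
    Rule("group:admins", "allow", "*", "*"),
]

# Constructed sample principals, as they would look after a successful login.
ALICE = Principal("alice", frozenset({"group:staff"}))
BOB = Principal("bob", frozenset({"group:staff", "group:contractors"}))
CAROL = Principal("carol", frozenset({"group:admins"}))


def _matches(rule: Rule, principal: Principal, action: str, resource: str) -> bool:
    """True if the rule applies to this principal, action and resource."""
    if rule.principal != principal.name and rule.principal not in principal.groups:
        return False
    # fnmatchcase: case-sensitive glob; note that "*" also crosses "/".
    return fnmatchcase(action, rule.action) and fnmatchcase(resource, rule.resource)


def is_authorised(principal: Optional[Principal], action: str, resource: str,
                  policy: List[Rule] = POLICY) -> bool:
    """Decide whether an (already authenticated) principal may perform action on resource."""
    # 1. No authenticated identity: refuse before looking at any policy.
    if principal is None:
        return False

    allowed = False
    for rule in policy:
        if not _matches(rule, principal, action, resource):
            continue
        if rule.effect == "deny":
            return False          # 3. an explicit deny always wins
        allowed = True            # candidate allow; keep scanning for a deny
    return allowed                # 2. default deny when nothing allowed it


if __name__ == "__main__":
    checks = [
        (ALICE, "invoice:read", "invoice/bob/1"),        # staff may read any invoice
        (ALICE, "invoice:write", "invoice/bob/1"),       # but alice may only write her own
        (BOB, "invoice:read", "invoice/payroll/q1"),     # contractor deny beats staff allow
        (CAROL, "invoice:delete", "invoice/payroll/q1"),  # admins match the wildcard rule
        (None, "invoice:read", "invoice/alice/1"),       # unauthenticated caller
    ]
    for who, act, res in checks:
        name = who.name if who else "<anonymous>"
        print(f"{name:12} {act:16} {res:22} -> {is_authorised(who, act, res)}")
```

Two design choices carry most of the security value here: the decision defaults to deny, so a missing or misspelt rule fails closed rather than open, and an explicit deny is evaluated as a veto regardless of where it sits in the list. Note also that `fnmatch`-style `*` matches across `/`, so a resource pattern like `invoice/*` covers every invoice path, which is convenient for allows but means deny patterns must be written just as broadly.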

Key Points