Identity and Access Management
Vault v2 supports a subset of the Amazon Web Services Identity and Access Management (IAM) API.
This functionality enables each Vault v2 user, under their user account, to create IAM groups and IAM users. The Vault v2 user can then grant those IAM users permissions to perform actions (such as reading or writing objects in a particular bucket or buckets).
As with Amazon, a Vault v2 user grants these permissions to IAM groups and users by attaching "managed" IAM policies to groups or users, and/or by embedding "in-line" IAM policies for groups or users. By default, newly created IAM users have no permissions. They gain permissions only when their parent Vault v2 user attaches or embeds policies for them.
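The permission model described above (default deny, managed policies attached to groups or users, in-line policies embedded in either) as an added illustrative evaluator; this is example code written for this page, not Vault v2's own implementation. It assumes AWS-style policy documents (Effect/Action/Resource) and AWS evaluation order, in which an explicit Deny overrides any Allow; the users, groups, bucket names and policy names are constructed.

```python
import fnmatch

# Constructed sample data: a managed policy, one group, and two users.
MANAGED_POLICIES = {
    "ReadReports": {"Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::reports", "arn:aws:s3:::reports/*"]}]},
}
GROUPS = {"analysts": {"attached": ["ReadReports"], "inline": {}}}
USERS = {
    # alice inherits ReadReports via her group and has one embedded in-line policy
    "alice": {"groups": ["analysts"], "attached": [], "inline": {
        "WriteScratch": {"Statement": [
            {"Effect": "Allow", "Action": "s3:PutObject",
             "Resource": "arn:aws:s3:::scratch/*"}]}}},
    # bob is a freshly created user: no groups, no policies, hence no permissions
    "bob": {"groups": [], "attached": [], "inline": {}},
}

def _as_list(v):
    return v if isinstance(v, list) else [v]

def effective_policies(user):
    """Every policy document that applies to a user: managed policies attached
    to the user or to any of its groups, plus in-line policies embedded in either."""
    u = USERS[user]
    docs = [MANAGED_POLICIES[p] for p in u["attached"]] + list(u["inline"].values())
    for g in u["groups"]:
        grp = GROUPS[g]
        docs += [MANAGED_POLICIES[p] for p in grp["attached"]]
        docs += list(grp["inline"].values())
    return docs

def is_allowed(user, action, resource):
    """Default deny: without a matching Allow the request fails. An explicit Deny
    wins over any Allow (AWS evaluation order, assumed here to apply to Vault v2)."""
    allowed = False
    for doc in effective_policies(user):
        for st in doc["Statement"]:
            if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(st["Action"])):
                continue
            if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(st["Resource"])):
                continue
            if st["Effect"] == "Deny":
                return False
            allowed = True
    return allowed
```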
For more information, see: