
Hootan


AWS - How to IAM (2024)

IAM: Identity and Access Management, a global service
Some AWS services need to perform actions on your behalf. To do so, you assign permissions to AWS services with IAM Roles.

A statement in an IAM policy consists of Sid, Effect, Principal, Action, Resource and Condition.

Groups only contain users.

A user can belong to multiple groups.

Groups come with custom permissions (set through a JSON policy document).

How to Run IAM

Access management > Users

Creating a user

  1. Name it and give it a password
  2. Select "I want to create an IAM user"
  3. Choose "Autogenerated password" and check "Users must create a new password"

Create a group

  1. Name it
  2. Give it a permission, e.g. Administrator (provides full access)
  3. Add the user to the group

By creating an "Account Alias" you can simplify the sign-in URL.

Permission Policies

Access management > Policies
In the Policies section, click on "Create policy".

You have two options to create a policy: visual and JSON.
We use visual.

  1. Choose a service: IAM
  2. Allowed actions: ListUsers and GetUser
  3. Resources: All
  4. Choose a policy name and then create it

If you go to the Users section and choose a user, you can attach the policy to them.

Password Policy

  1. Configure password requirements:
    Access management > Account settings
    In the Account settings section, click on "Edit"

  2. MFA
    Click on your name in the top-right corner
    then click "Security credentials"

  • Assign an MFA device
  • Give it a name and choose the Authenticator app
  • Install the Authenticator app on your mobile phone, scan the QR code, and then enter code 1 and code 2 in the text boxes below.
  • Then you're good to go

How can users access AWS?

  1. AWS Management Console: protected by password + MFA
  2. AWS Command Line Interface (CLI): protected by access keys
  3. AWS Software Development Kit (SDK) for code: protected by access keys

Access keys are generated through the AWS console.

A region to remember: Canada (Central), ca-central-1

Creating an access key:

Access management > Users
In that section, click on the user name (e.g. hootan)
Scroll down
Security credentials > Create access key
Choose "Command Line Interface (CLI)"

How to use the access key?

First install the AWS CLI on your computer,
then open your terminal or cmd and
run: aws configure
Enter the access key ID and the secret access key
Enter the default region
The output format does not matter
Then run: aws iam list-users
