DEV Community

Shahriyar Al Mustakim Mitul
Shahriyar Al Mustakim Mitul

Posted on

AWS IAM (Identity and Access Management)

▶️ Service restrictions: It's a global service. So, anyone can use it.
▶️ Motivation: To create users/groups with specific access but not the whole access.

Image description

This is how the permission is given(Using json or using UI/UX):

Image description

Let's create users for our account:

Firstly, go to the IAM and then go to users:

Image description

Then press create user

Image description

Give a name for the user

Image description
Then press next

Image description
Attach existing policies
Select your desired permissions:

Image description
Press next
Image description
Press create user and you are done!

IAM Policies structure
It's the structure using json code to give certain permission and access

Image description

AWS Access keys

Image description

Image description
Example of an access key

Image description

Tools to access your AWS account:

  • AWS CLI:

Image description

Use this link to install

It will look like this

Image description
Go to your command prompt and then write this command to see this output

Image description

Create and access key :

Go to your IAM user and press security credentials and press create access key
Image description

Image description

Image description

Done!

Now go to your local CLI and give these credentials:

Image description

Check the IAM users:

Image description

You can also verify after logging into the "admin-aws" account that it has this user only:

Image description

Note: This view is seen once you logged into the IAM user account you created and used the IAM security credentials off

  • AWS Cloudshell You can also use this to get the same features as the AWS CLI.

Image description

Image description

  • AWS SDK:

Image description

To ensure the security or logs of IAM User accounts, go to access advisor:

Image description
You can see what tools has been used.

Also, to get all of the user info for an account[root or main account], go to IAM--> Credential report and then download the report

Image description

Shared Responsibility

Image description

That's it!!

Top comments (0)