▶️ Service restrictions: It's a global service. So, anyone can use it.
▶️ Motivation: To create users/groups with specific access but not the whole access.
This is how the permission is given(Using json or using UI/UX):
Let's create users for our account:
Firstly, go to the IAM and then go to users:
Then press create user
Give a name for the user
Then press next
Attach existing policies
Select your desired permissions:
Press next
Press create user and you are done!
IAM Policies structure
It's the structure using json code to give certain permission and access
AWS Access keys
Example of an access key
Tools to access your AWS account:
- AWS CLI:
Use this link to install
It will look like this
Go to your command prompt and then write this command to see this output
Create and access key :
Go to your IAM user and press security credentials and press create access key
Done!
Now go to your local CLI and give these credentials:
Check the IAM users:
You can also verify after logging into the "admin-aws" account that it has this user only:
Note: This view is seen once you logged into the IAM user account you created and used the IAM security credentials off
- AWS Cloudshell You can also use this to get the same features as the AWS CLI.
- AWS SDK:
To ensure the security or logs of IAM User accounts, go to access advisor:
You can see what tools has been used.
Also, to get all of the user info for an account[root or main account], go to IAM--> Credential report and then download the report
Shared Responsibility
That's it!!
Top comments (0)