DEV Community

loading...
Cover image for AWS Identity Access Management – IAM Overview

AWS Identity Access Management – IAM Overview

pratik profile image Cloud For Geeks ・3 min read

IAM INTRODUCTION :

  • AWS Identity and Access Management (IAM) is a service that allows you to manage users and their access to AWS.
  • Your whole AWS security revolves around IAM.
  • IAM is a global service. It’s not bound to any specific region.
  • IAM allows you to control

    • Identity: who can use your AWS resources (Authentication)
    • Access: what resources they can use (Authorization)
  • When you create AWS account, that very first account is called

    as Root account.

  • When you first start with AWS you get a root access key. Root access key provides complete access to your AWS account and you should never use them.

  • So you basically need to delete your root access key.

  • You can set up MFA (Multi-Factor Authentication) for extra security.

IAM FEATURES :

  • IAM provides you with centralized control of your AWS account.
  • It provides shared access to your AWS account.
    • You can grant other people access to your AWS account.
  • It allows you to set Granular permissions.
    • You can grant specific permission to specific users. For example, you might allow a user access to only some set of services only.
  • Identity Federation (including Active Directory, Facebook, LinkedIn etc)
    • Users can log in by using their company credentials without having an account with AWS.
  • Multifactor Authentication
    • This is two-factor authentication. User not only need to provide password or access key but also code from physical devices such as android or ios smartphone.
  • Support PCI DSS compliance.
    • IAM supports the processing, storage, and transmission of credit card data
  • Provide application running on EC2 access to AWS resources.
    • You can have your application running on EC2 secure access to AWS resource.
  • IAM integrates with almost every AWS service.
    • Since it’s a fundamental or core service that provides security, IAM integrates with almost all AWS services.
  • Free to use
    • IAM is a completely free service to use.

IAM COMPONENTS :

Users

  • User is an AWS identity.
  • User is basically a physical person.
  • This physical person will get an account in IAM.
  • New users have no permission when first created.

Group

  • Group basically means a set of IAM users.
  • Groups are basically defined by their function for example Developers, Admin etc.
  • Instead of assigning the same permission to every other user individually, you can assign that permission to group and add all the users in that group.
  • All the users in this group will inherit the permission of the group.

Roles

  • Role is an IAM identity that has specific permissions.
  • Role is similar to User.
  • But it is not associated with a specific person, a role is assumed by anyone who needs it.
  • Role doesn’t have standard long term credentials such as password, it works on temporary security credentials for a session.
  • Roles can be assigned to :

    • An IAM user in the same account as role in.
    • An IAM user in a different account than the role.
    • An AWS service such as EC2.
  • Policies

  • Policies are JSON documents.

  • They define what User, Group and Roles can do or cannot do.

  • Permissions are governed by policies.

  • AWS provides you with many built-in policies that already have permissions according to use cases. This is the AWS managed policies.

  • You can also create your own policy as well.

IAM FEDERATION

  • IAM Federation is a feature which can be used by big enterprises.
  • Generally, big enterprises have their own repository of users. Using IAM Federation such enterprises can integrate their own repository of users with IAM.
  • This way users of such enterprises can log in into AWS using their company credentials.
  • Identity Federation uses the SAML standard

read rest of the tutorial here http://cloudforgeeks.com/aws-identity-access-management-iam-overview/
AWS Identity Access Management (IAM) explained. This article covers IAM fundamentals. Learn AWS IAM and use it in your own AWS account.

Discussion

pic
Editor guide