DEV Community

Sidra Saleem

IAM Users, Groups and Roles

IAM Users:

An IAM user is an identity that AWS creates to give a person a way to interact with AWS resources. Users are the people working on AWS in a company; one user represents one person, and users can be collected into groups.

Consider a company in which a group of employees, David, Aly, Sheldon, Sturgis, and Walter, are working on an AWS project. We can divide this group into subgroups: for example, David, Aly, and Sheldon work on the “instances,” while Sturgis and Walter create S3 buckets.

IAM users exist so that people can sign in to the AWS console and request AWS services, whether Amazon S3, EC2, or any other service. Beyond their login credentials, users can add another layer of security to their accounts with the AWS multi-factor authentication (MFA) feature. A single user can also be a member of several groups.

Users are permitted to perform AWS tasks through the permissions granted to them. For example, if we create an IAM user named Sid, we also create a password for him and grant him permissions that let him run specific tasks, such as starting EC2 instances and reading data from the database.

Sid cannot do anything else in the console, because he has not been granted access to anything else. A user belongs to only one AWS account.

Users get their permissions from the policies applied to them. By default a new user has no permissions at all and cannot do anything in the console. When a user is created in the AWS console, a name is chosen for them. Besides that name, AWS assigns each user an Amazon Resource Name (ARN) that identifies the user uniquely; it contains the account ID without hyphens. A user working in the console will not see this ARN unless they use the API, the Tools for Windows PowerShell, or the AWS CLI.

IAM Groups:

Now let us look at what a group is in IAM. An IAM group is a collection of users formed for a particular workgroup; it specifies the permissions for all of its members at once, which makes managing user permissions much easier. For example, an admin group can be created whose members all come from the admin department, and that group holds the permissions those users need to perform their tasks.
Every user in the group gets all the permissions assigned to that group.
A group consists of users, but a group cannot be nested inside another group.
For example, there cannot be a group of admin managers inside the admin group. If the managers want their own group, they must create a separate one; they cannot create a group of managers within the admin group itself.

Users do not join a group automatically when it is formed;
they must be added to the group.
A user also cannot belong to every group, because there is a limit on the number of groups a user can belong to.

IAM roles:

Roles are easy to understand: they are sets of permissions for accessing various resources.
In other words, an IAM role is a set of permissions that grants access to resources and allows tasks to be performed.
These permissions are attached to the role, not to an IAM user or a group.
A role can also be understood as an AWS identity with permission policies that determine what that identity can and cannot do in AWS while performing a task. A role has no long-term security credentials of its own.
Instead, when a user is given a role, the user receives temporary security credentials.
Roles can be used to give a user access to any AWS resource.
They can also grant access to resources in a different AWS account.
For example, if you are running a virtual machine, that is, an EC2 instance, you can give that instance a role that allows access to an S3 bucket. The EC2 instance can then read the files in S3 and use them.
This works because the instance has been given a role, which means permission to access AWS resources.
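To make the EC2-to-S3 role concrete, here is an added example (not code from the original post) that writes down the two policy documents such a role needs, the trust policy naming the EC2 service and a least-privilege read-only S3 policy, and runs a simplified version of IAM's identity-based evaluation over them. The bucket name is a constructed placeholder, and the evaluator assumes a single account and ignores SCPs, permission boundaries and resource policies.

```python
from fnmatch import fnmatchcase

# Trust policy of the role: says who may assume it (here the EC2 service).
EC2_TRUST_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
     "Action": "sts:AssumeRole"}]}

# Permission policy attached to the role: read-only access to one bucket.
# "example-bucket" is a constructed placeholder, not a real bucket.
S3_READ_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:ListBucket",
     "Resource": "arn:aws:s3:::example-bucket"},
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value, fold_case):
    """IAM-style '*'/'?' wildcard match; actions are case-insensitive in IAM,
    resource ARNs are matched case-sensitively."""
    if fold_case:
        value, patterns = value.lower(), [p.lower() for p in _as_list(patterns)]
    return any(fnmatchcase(value, p) for p in _as_list(patterns))

def is_allowed(policies, action, resource):
    """Simplified identity-based evaluation (no SCPs, boundaries or resource
    policies): explicit Deny wins, a matching Allow grants, otherwise the
    request is implicitly denied, which is why a new user can do nothing."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if (_matches(stmt["Action"], action, True)
                    and _matches(stmt["Resource"], resource, False)):
                if stmt["Effect"] == "Deny":
                    return False
                allowed = True
    return allowed

def can_assume(trust_policy, service):
    """True if the given service principal is trusted to assume the role."""
    for stmt in trust_policy["Statement"]:
        trusted = _as_list(stmt.get("Principal", {}).get("Service", []))
        if (stmt["Effect"] == "Allow" and service in trusted
                and _matches(stmt["Action"], "sts:AssumeRole", True)):
            return True
    return False
```

With the role's policy attached, the instance can read objects from example-bucket but nothing else; with no policy at all, every request falls through to the implicit deny.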
