Amazon Identity and Access Management (IAM)

AWS IAM is one of the most powerful and important services enabling secure access management to AWS services and resources. With AWS IAM, we can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.

AWS IAM — Key Features

Let’s look at some of the key features that make IAM so versatile and powerful:

Authentication in IAM

Authentication or identity management in AWS IAM consists of the following identities:

Users: An IAM user is a user who can have the access to our console resources with username & password having permenent Access key & Secretkey.

Groups: An IAM group is a collection of IAM users. You can organize IAM users into IAM groups and attach access control policies to a group. A user can belong to multiple groups. Groups cannot belong to other groups.

Role: Communication between the different services using the role. A role does not have any credentials associated with it. An IAM user can assume a role to temporarily take on different permissions for a specific task.

Authorization in IAM

Authorization or access management in IAM is gives those users permission to access a resource.

Policy: A policy is a document with a set of rules, having one or more statements. Each policy grants a specific set of permissions and can be attached to any of the IAM identities users, groups, and roles. olicies are always written in JSON or YAML format and each policy has a name.

There are three types of policies are there.

AWS Managed policies: An AWS managed policy is a standalone policy that is created and administered by AWS. Standalone policy means that the policy has its own Amazon Resource Name (ARN) that includes the policy name.

Customer Managed policies: Customer managed policies are standalone identity–based policies that you create and which you can attach to multiple users, groups, or roles in your AWS account. You can manage and create policies using the AWS Management Console, the AWS Command Line Interface (AWS CLI), or the IAM API.

Inline Policies: These policies are directly applied to IAM entities. You use inline policies for a specific objective, which makes them non-reusable.

Become an IAM Policy Master in 60 Minutes or Less:

Liked This Article?

Hands-on IAM :

1. Create IAM user and give only s3 & Ec2 full access.

Given below is the IAM dashboard. Here you will get all the information about the IAM resources running.

Login & Check S3 & EC2 Services.

2. Attach RDS full access policy to already created IAM user

Now added the RDS Full access Policy.

3. Create IAM role and give access only to s3

3. How to Connect s3 using EC2 via IAM Role

4. Create Groups & add users

4. Permission Boundary Concept & Hands On

A permissions boundary is an advanced feature for using a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity. An entity’s permissions boundary allows it to perform only the actions that are allowed by both its identity-based policies and its permissions boundaries.

5. Setting up a password policy for your AWS Account using IAM

6. Setting up Multi-Factor Authentication (MFA) using AWS IAM

Multi-Factor Authentication (MFA) protocols offer a great way to improve the overall security posture of your AWS cloud services and resources.

Leave a Reply

Your email address will not be published. Required fields are marked *