In this AWS Cloud tutorial, you'll learn why an AWS Cloud Engineer must know IAM and why you should use it.
AWS Cloud Engineer must know IAM
What is IAM and why should you use it?
- It is a web service that adds security to your AWS account: it handles authentication and gives you control over who can access your environment.
- In simple terms, it controls who can access your AWS environment.
- It also controls what a user is allowed to do once they have logged in to the AWS account (authorization).
- It is a global service in AWS, which means it is not tied to a specific region.
Benefits of using IAM
- Shared access to your AWS account without sharing the root credentials
- Granular, API-level permissions
  e.g. if you want to allow a user only read-only access or some other specific permission
- Central control of your AWS account
- Identity federation
  e.g. Facebook, Active Directory, Google. The user first authenticates with FB, AD, Google or another identity provider, and only after they have been authenticated can they actually use your services.
- Temporary credentials for users and applications are also offered by IAM.
- Multi-factor authentication (MFA)
- IAM is integrated with many AWS services
  eg: EC2, Lambda, DynamoDB etc.
  Here you can specify granular-level permissions.
- PCI DSS compliance for card payment
- Free to use; you are charged only for the AWS resources you use.
What are the AWS IAM components?
- User
- Groups
- Roles
- Policies and permissions
IAM Users
- A user represents a person (or an application) that interacts with AWS.
- A user can be given programmatic access credentials (access keys) and/or console access credentials (a password).
- Best practice: use IAM users instead of the root credentials.
- You can use pre-existing policy templates (AWS managed policies) to assign permissions.
- By default, a newly created user has no permissions.
IAM Groups
- Assign the same permissions to a set of users at once: every member of the group inherits the group's policies.
IAM Roles
- Specify what an AWS resource (such as an EC2 instance) is allowed to do with other resources.
  eg: If you want an EC2 instance to be able to write to a DynamoDB table, you create a role for the EC2 instance and allow writes to that table in the role's policy.
- Best practice: never store credentials on an instance; use IAM roles instead.
- Users can assume a role to gain temporary access (eg: after authenticating with FB credentials).
IAM Policies
- Documents that specify a set of one or more permissions.
- Written in JSON, a key-value document format.
Two types of IAM policies
- User policies (identity-based: attached to users, groups or roles)
- Resource policies (attached to the resource itself)
PowerUserAccess Policy
- Allows full access to AWS services and resources but does not allow management of users and groups.
AdministratorAccess Policy
- Provides full access to AWS services and resources.
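The following is an added example, not code from the tutorial: it puts the role and policy sections above into concrete JSON documents and a small evaluator. The trust policy answers "who may assume the role" (the EC2 service, as in the DynamoDB example), the permissions policy grants write access to one table only, and `evaluate()` applies the IAM decision rules for identity-based policies within a single account: implicit deny unless a statement allows, and any explicit Deny overrides every Allow. The account id, table names, function names and the simplifications (no `NotAction`, `NotResource` or `Condition` handling) are assumptions made for this example.

```python
import fnmatch
import json

# Constructed sample ARNs for this added example (not from the tutorial).
# The account id 123456789012 and the table names are placeholders.
ORDERS_TABLE = "arn:aws:dynamodb:us-east-1:123456789012:table/Orders"
SECRETS_TABLE = "arn:aws:dynamodb:us-east-1:123456789012:table/Secrets"

# Trust policy for the role: says WHO may assume it (here: the EC2 service).
EC2_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}

# Permissions policy attached to the role: write access to one table only,
# which is all the EC2-to-DynamoDB example in the text needs.
DYNAMODB_WRITER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "WriteOrdersTable",
        "Effect": "Allow",
        "Action": ["dynamodb:PutItem", "dynamodb:UpdateItem"],
        "Resource": ORDERS_TABLE,
    }],
}

# Read-only user policy, plus an explicit Deny on a sensitive table.
READ_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["dynamodb:GetItem", "dynamodb:Query", "dynamodb:Scan"],
         "Resource": "*"},
        {"Effect": "Deny", "Action": "dynamodb:*", "Resource": SECRETS_TABLE},
    ],
}


def _as_list(value):
    """Policy elements may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    """IAM treats '*' and '?' in Action/Resource as wildcards; fnmatch does too."""
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def evaluate(policies, action, resource):
    """Simplified IAM decision for identity-based policies within one account:
    implicit deny unless some statement allows, and any explicit Deny wins.
    NotAction, NotResource and Condition elements are left out (assumption)."""
    decision = "implicit_deny"
    for policy in policies:
        for stmt in policy["Statement"]:
            if not _matches(stmt["Action"], action):
                continue
            if not _matches(stmt.get("Resource", "*"), resource):
                continue
            if stmt["Effect"] == "Deny":
                return "explicit_deny"   # explicit Deny overrides every Allow
            decision = "allow"
    return decision


def service_can_assume(trust_policy, service):
    """Check the trust policy: may this AWS service principal assume the role?"""
    for stmt in trust_policy["Statement"]:
        services = _as_list(stmt.get("Principal", {}).get("Service", []))
        if (stmt["Effect"] == "Allow"
                and "sts:AssumeRole" in _as_list(stmt["Action"])
                and service in services):
            return True
    return False


if __name__ == "__main__":
    print(json.dumps(DYNAMODB_WRITER_POLICY, indent=2))
    # A brand-new user with no policies attached: everything is implicitly denied.
    print("new user, GetItem:", evaluate([], "dynamodb:GetItem", ORDERS_TABLE))
    print("role, PutItem on Orders:",
          evaluate([DYNAMODB_WRITER_POLICY], "dynamodb:PutItem", ORDERS_TABLE))
    print("role, DeleteItem on Orders:",
          evaluate([DYNAMODB_WRITER_POLICY], "dynamodb:DeleteItem", ORDERS_TABLE))
    print("reader, GetItem on Secrets:",
          evaluate([READ_ONLY_POLICY], "dynamodb:GetItem", SECRETS_TABLE))
    print("EC2 may assume role:",
          service_can_assume(EC2_TRUST_POLICY, "ec2.amazonaws.com"))
```

Two points worth noticing when running it: a user with no policies gets `implicit_deny` for everything, which is the "newly created user has no permissions" rule from the users section, and the read-only user is refused `GetItem` on the Secrets table even though a wildcard Allow matches, because the explicit Deny takes precedence. The role's permissions policy names a single table ARN rather than `*`, which is the granular, API-level permission the benefits section describes.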
That's the end of the tutorial; you have learned why an AWS Cloud Engineer must know IAM.
Thanks for reading this article. You may also like the articles below:
How to Automate AMI Creation using Packer
AWS NAT Instances vs NAT Gateways