AWS Cloud IAM

Why an AWS Cloud Engineer must know IAM, and why you should use it

Detailed Introduction to AWS IAM

In this AWS Cloud tutorial we explain in detail why an AWS Cloud Engineer must know IAM and why you should use it.

What is IAM and why should you use it?

  • IAM (Identity and Access Management) is the web service that secures access to your AWS account: it handles authentication (who can sign in or call the API) and authorization (what they are allowed to do once signed in).
  • Put simply, it controls who can access your AWS environment.
  • It also controls what a user can do once they have logged in to the AWS account.
  • It is a global service: IAM users, groups, roles and policies are not tied to any specific region.

Benefits of using IAM

  • Shared access to your AWS account without handing out the root credentials
  • Granular, API-level permissions
    e.g. allowing a user read-only access (or any other specific set of actions) and nothing else
  • Central control over access to your AWS account
  • Identity federation
    e.g. Facebook, Active Directory, Google. The user first authenticates with Facebook, AD, Google or another identity provider, and only after that authentication succeeds can they use your AWS resources, under permissions you define.
  • Temporary credentials for users and applications (issued via roles and STS) instead of long-lived access keys
  • Multi-factor authentication (MFA)
  • Integration with many AWS services
    e.g. EC2, Lambda, DynamoDB
    For each service you can specify permissions at a granular level.
  • PCI DSS compliance: IAM is part of AWS's PCI DSS compliant service set, which matters if you process card payments
  • Free to use: there is no charge for IAM itself, you pay only for the other AWS resources you use

What are the AWS IAM components?

  • User
  • Groups
  • Roles
  • Policies and permissions

IAM Users

  • A user represents a person or an application that interacts with AWS
  • A user can have programmatic access (an access key ID and secret access key for the CLI, SDKs and API) and/or console access (a password)
  • Best practice: create IAM users for day-to-day work and lock away the root credentials, using root only for the few tasks that require it
  • Permissions can be assigned from pre-existing (AWS managed) policy templates or from custom policies
  • By default, a newly created user has no permissions.

IAM Groups

  • A collection of users; any policy attached to the group applies to every user in it, so the same permissions are assigned to a set of users automatically. Groups cannot be nested.

IAM Roles

  • An identity with a set of permissions that an AWS service, user or application can assume; roles specify what a resource is allowed to do with other resources
    e.g. if you want an EC2 instance to be able to write to a DynamoDB table, you create a role that allows writes to that table and attach it to the instance (through an instance profile); the instance then receives temporary credentials for the role, with no access keys stored on it.
  • Best practice: never store credentials (access keys) on an instance or in code; use IAM roles instead
  • Users can also assume a role to gain temporary access, including federated users who signed in elsewhere (e.g. with Facebook credentials via web identity federation)

IAM Policies

  • Documents that specify a set of one or more permissions, as statements that each combine an Effect (Allow or Deny), the Actions covered and the Resources they apply to
  • Written in JSON, i.e. as a key-value document

2 Types of IAM Policies

  • Identity-based policies (also called user policies): attached to a user, group or role, and state what that identity may do
  • Resource-based policies: attached to a resource (e.g. an S3 bucket policy, or the trust policy of a role), and state which principals may act on that resource

PowerUserAccess Policy

It allows full access to AWS services and resources but does not allow management of IAM users, groups and roles: the policy excludes the IAM, Organizations and account-management actions, with only a few read-only and service-linked-role exceptions. It suits developers who need to build but must not change who has access.

AdministratorAccess Policy:

  • Provides full access to all AWS services and resources (every action on every resource), including IAM itself. Assign it sparingly and protect those identities with MFA.
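As an added example that is not part of the original article and not AWS's own code, the Python below writes out the two policy documents the EC2-to-DynamoDB role from the Roles section needs (a trust policy plus a least-privilege permissions policy) and a minimal evaluator for identity-based policies, then runs the PowerUserAccess and AdministratorAccess documents through it to show why PowerUserAccess cannot create IAM users and why an explicit Deny beats any Allow. The account ID 123456789012, the region, the table and user names, and the evaluate() and demo() helpers are assumptions for illustration; the PowerUserAccess document is modelled on the AWS managed policy with its short exception list abbreviated, so check the live document before relying on it.

```python
"""Minimal evaluator for IAM identity-based policy documents (added example,
not code from the original article or from AWS). It models the documented
decision order: an explicit Deny wins, otherwise allow only if some statement
allows, otherwise implicit deny. Conditions, resource-based policies,
permissions boundaries and SCPs are out of scope. IDs and names are made up."""
import fnmatch

# Permissions policy for the EC2 role in the article's example: write to one
# DynamoDB table and nothing else (no reads, no deletes, no other tables).
EC2_DYNAMODB_WRITE = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "WriteOrdersTableOnly",
        "Effect": "Allow",
        "Action": ["dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:BatchWriteItem"],
        "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/Orders",
    }],
}

# Trust policy for that role: only the EC2 service may assume it. STS checks
# this at AssumeRole time; evaluate() below handles permissions policies only.
EC2_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
                   "Action": "sts:AssumeRole"}],
}

# Modelled on the AWS managed PowerUserAccess policy: everything except IAM,
# Organizations and account management, plus a short allow-list of read-only
# and service-linked-role actions (abbreviated here; check the live document).
POWER_USER_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "NotAction": ["iam:*", "organizations:*", "account:*"]},
        {"Effect": "Allow", "Resource": "*",
         "Action": ["iam:CreateServiceLinkedRole", "iam:DeleteServiceLinkedRole",
                    "iam:ListRoles", "organizations:DescribeOrganization"]},
    ],
}

# The AWS managed AdministratorAccess policy: every action on every resource.
ADMINISTRATOR_ACCESS = {"Version": "2012-10-17",
                        "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}

# A guard-rail an admin might attach to a group: an explicit Deny that no
# Allow in any other attached policy can override.
DENY_TABLE_DELETION = {"Version": "2012-10-17",
                       "Statement": [{"Effect": "Deny", "Resource": "*",
                                      "Action": "dynamodb:DeleteTable"}]}

def _as_list(value):
    """Policy fields may be a single string/object or a list; normalise to a list."""
    return [value] if isinstance(value, (str, dict)) else list(value)

def _statement_applies(stmt, action, resource):
    """True if the statement's Action/NotAction and Resource/NotResource cover
    the request. Actions match case-insensitively, ARNs case-sensitively;
    both support IAM's '*' and '?' wildcards (fnmatch semantics here)."""
    def hit(field, not_field, value, fold):
        pats = _as_list(stmt.get(field, stmt.get(not_field, [])))
        found = any(fnmatch.fnmatchcase(fold(value), fold(p)) for p in pats)
        return found if field in stmt else not found
    return (hit("Action", "NotAction", action, str.lower)
            and hit("Resource", "NotResource", resource, lambda s: s))

def evaluate(policies, action, resource):
    """Decide one request against all attached identity-based policies:
    returns 'explicit deny', 'allow' or 'implicit deny'."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not _statement_applies(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return "explicit deny"   # Deny wins regardless of any Allow
            allowed = True
    return "allow" if allowed else "implicit deny"

def demo():
    """Run the scenarios discussed in the article and return the decisions."""
    orders = "arn:aws:dynamodb:us-east-1:123456789012:table/Orders"
    customers = "arn:aws:dynamodb:us-east-1:123456789012:table/Customers"
    alice = "arn:aws:iam::123456789012:user/alice"
    return {
        "role writes Orders": evaluate([EC2_DYNAMODB_WRITE], "dynamodb:PutItem", orders),
        "role writes Customers": evaluate([EC2_DYNAMODB_WRITE], "dynamodb:PutItem", customers),
        "role deletes Orders": evaluate([EC2_DYNAMODB_WRITE], "dynamodb:DeleteTable", orders),
        "power user runs instance": evaluate([POWER_USER_ACCESS], "ec2:RunInstances", "*"),
        "power user creates user": evaluate([POWER_USER_ACCESS], "iam:CreateUser", alice),
        "power user lists roles": evaluate([POWER_USER_ACCESS], "iam:ListRoles", "*"),
        "admin creates user": evaluate([ADMINISTRATOR_ACCESS], "iam:CreateUser", alice),
        "admin plus guard-rail deletes table": evaluate(
            [ADMINISTRATOR_ACCESS, DENY_TABLE_DELETION], "dynamodb:DeleteTable", orders),
    }

if __name__ == "__main__":
    for scenario, decision in demo().items():
        print(f"{scenario:36s} -> {decision}")
```

Running the script prints one decision per scenario. The two results worth noticing are that the role's policy denies a write to the Customers table and a DeleteTable on its own table without any Deny statement (nothing allowed them, so the default applies), and that AdministratorAccess loses to the single Deny statement in the guard-rail policy; this is the same reason a NotAction-based policy such as PowerUserAccess leaves iam:CreateUser unauthorised even though it never mentions that action.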
