IAM - web service
What is IAM?
IAM (Identity and Access Management) is an Amazon Web Services service used to authenticate and authorize users and to manage them.
I will explain this with a very simple example. Consider that you are a fresher and it's your first day at work. As you enter the building, you are stopped because you do not have access, so you mail your supervisor to request access.
Under each heading below, I will break down what happens.
User
After seeing the mail, I have given you permission to enter the building.
Now that you have entered, the building provides you with different amenities such as a library, rest area, gym, and system access.
Right now your priority is system access, so you ask again, this time for permission to access the system.
Now let's see what happens in the next step.
Policies
Now, based on the user's request, I give the user system access.
A policy is nothing but a grant of the required permissions. Now imagine there are more than a hundred users: if each person makes a different request, giving permissions to each person individually becomes a big task.
What can we do here? Let's look at groups.
Groups
The solution is to create groups: the basic amenities such as the library, rest area, and gym can be put together in a group called basic needs.
Now whenever there is a request, I can add the user directly to the basic needs group instead of creating a policy again. We create groups based on need, and this makes the work easy.
Roles
Roles are similar to users, but they provide temporary access. Suppose some restricted areas are not normally accessible to you, but you need them for some time; you will be given temporary access only.
Suppose you are working on a private cloud and need to access some service in the AWS cloud. When you request it, a DevOps engineer will provide temporary access that is valid for a certain period, after which you lose access.
Conclusion
When you join an organization, the team will be divided into front end, back end, databases, testers, and other roles. The user requests access, and the DevOps engineer or system administrator provides it; this is authentication. Now the user can access the AWS cloud but cannot do anything yet. Suppose he wants access to an S3 bucket: you need to create a policy, and this is authorization. We provide access to users based on their role; put simply, if we give all permissions by mistake and he deletes an important DB, all data will be lost. To make the process easy, we can create groups and add users to them, since creating a policy for every single user would waste a lot of time.
IAM is authentication, authorization, and user management
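The policies, groups, least-privilege point and temporary role access described above, as an added example that is not code from the original post: a simplified Python model of how identity policies are evaluated (default deny, explicit Deny wins). The user, group, bucket and ARN names are constructed, and the wildcard matching and the role session are simplifications, not the AWS API.

```python
from datetime import datetime, timedelta, timezone
from fnmatch import fnmatchcase

# Constructed sample policies in IAM's JSON shape (names and ARNs are made up).
BASIC_NEEDS = {"Statement": [{"Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::team-docs", "arn:aws:s3:::team-docs/*"]}]}
GUARDRAIL = {"Statement": [{"Effect": "Deny",
    "Action": "rds:DeleteDBInstance", "Resource": "*"}]}
ADMIN = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}

GROUPS = {"basic-needs": [BASIC_NEEDS, GUARDRAIL]}  # policies are attached once
USERS = {"new-hire": ["basic-needs"]}               # users only join groups

def _matches(patterns, value, fold_case=False):
    patterns = [patterns] if isinstance(patterns, str) else patterns
    if fold_case:  # action names are case-insensitive, ARNs are not
        value, patterns = value.lower(), [p.lower() for p in patterns]
    return any(fnmatchcase(value, p) for p in patterns)

def is_allowed(policies, action, resource):
    """Default deny; an explicit Deny beats any Allow."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if (_matches(stmt["Action"], action, True)
                    and _matches(stmt["Resource"], resource)):
                if stmt["Effect"] == "Deny":
                    return False
                allowed = True
    return allowed

def user_policies(user):
    """Everything a user inherits through group membership."""
    return [p for g in USERS[user] for p in GROUPS[g]]

def assume_role(policies, duration_seconds, now):
    """Model a role session: the same policy check plus an expiry time."""
    return {"policies": policies,
            "expires": now + timedelta(seconds=duration_seconds)}

def session_allowed(session, action, resource, now):
    return now < session["expires"] and is_allowed(
        session["policies"], action, resource)

if __name__ == "__main__":
    doc = "arn:aws:s3:::team-docs/handbook.pdf"
    print(is_allowed(user_policies("new-hire"), "s3:GetObject", doc))
    start = datetime.now(timezone.utc)
    session = assume_role([BASIC_NEEDS], 3600, start)
    print(session_allowed(session, "s3:GetObject", doc, start + timedelta(hours=2)))
```

Because the Deny statement travels with the group, even a user who is mistakenly handed the ADMIN policy still cannot delete the database.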
I know theory will be boring, so I made it fun to understand. If you are still unclear, I will try to record a practical on the same. Hope you liked it; catch you guys in the next blog.
Happy Cloud Learning:)
Read articles from Chaitanya Vamsi directly inside your inbox. Subscribe to the newsletter, and don't miss out.