AWS Identity and Access Management (IAM)

Sundaresan AnandanSundaresan Anandan
4 min read

What is AWS IAM:

IAM is a web service that helps you securely control access to AWS resources. It allows you to manage permissions and control who can access specific resources within your AWS environment. Here’s a detailed explanation:

Key Concepts of IAM:

  1. Users:
  • IAM Users: These are individuals or services that need access to your AWS resources. Each user has a unique set of credentials (username and password, access keys) and can be assigned specific permissions.
  1. Groups:
  • IAM Groups: These are collections of IAM users. You can assign permissions to a group, and all users within that group inherit those permissions. This simplifies management by allowing you to set permissions for multiple users at once.
  1. Roles:
  • IAM Roles: These are similar to users but are intended to be assumed by anyone who needs them. Roles are used to grant permissions to AWS services or users from other AWS accounts. They are particularly useful for granting temporary access.
  1. Policies:
  • IAM Policies: These are JSON documents that define permissions. Policies specify what actions are allowed or denied on which resources. They can be attached to users, groups, or roles.

How IAM Works

  1. Authentication:
  • When a user or service tries to access AWS resources, IAM verifies their identity using their credentials. This process is known as authentication.
  1. Authorization:
  • After authentication, IAM checks the policies attached to the user, group, or role to determine what actions they are authorized to perform. This process is known as authorization.

Key Features of IAM

  1. Fine-Grained Access Control:
  • IAM allows you to create detailed policies that specify exactly what actions are allowed or denied. This ensures that users have only the permissions they need to perform their tasks.
  1. Multi-Factor Authentication (MFA):
  • IAM supports MFA, which adds an extra layer of security by requiring users to provide a second form of authentication (e.g., a code from a mobile device) in addition to their password.
  1. Federation:
  • IAM supports federated access, allowing users to access AWS resources using their existing corporate credentials. This is useful for integrating with identity providers like Active Directory.
  1. Temporary Security Credentials:
  • IAM can generate temporary security credentials for users or services that need short-term access to AWS resources. This is useful for granting temporary access without sharing long-term credentials.

Best Practices for Using IAM

  1. Least Privilege Principle:
  • Grant users only the permissions they need to perform their tasks. Avoid using the root account for everyday tasks.
  1. Use Groups to Assign Permissions:
  • Assign permissions to groups rather than individual users to simplify management.
  1. Enable MFA:
  • Enable MFA for all users, especially those with administrative privileges.
  1. Regularly Review Permissions:
  • Regularly review and update permissions to ensure they are still appropriate for the users’ roles.
  1. Use Roles for Applications:
  • Use IAM roles to grant permissions to applications running on AWS services like EC2, rather than embedding credentials in the application code.

IAM is a powerful tool that helps you manage access to your AWS resources securely and efficiently. By following best practices and leveraging IAM’s features, you can ensure that your AWS environment remains secure and well-managed.

Let’s put this knowledge into practice.

Task 1 :

Create an IAM user with username of your own wish and grant EC2 Access. Launch your Linux instance through the IAM user that you created now and install Jenkins and Docker on your machine via single Shell Script.

Step 1: Create an IAM User and Grant EC2 Access

  1. Sign in to the AWS Management Console.

  2. Navigate to the IAM Console:

  • Go to the IAM service.

3. Create a New User:

  • Click on Users in the left-hand menu.

  • Click on Add user.

  • Enter a username of your choice (e.g., devops_user).

  • Check- Provide user access to the AWS Management Console.

  • Select I want to create an IAM user for access type.

4. Attach Policies:

  • Click on Attach existing policies directly.

  • Search for and select the AmazonEC2FullAccess policy.

  • Click Next: Tags, then Next: Review, and finally Create user.

  • In Retrieve password make sure you download the csv file.

5. Download Credentials:

  • Download the .csv file containing the username and password for console.

6. Login to the console using the newly created user.

7. Go to EC2 \> Launch instance.

  • Add Name.

  • Select Ubuntu image.

  • Generate new Key pair.

  • In Network settings > Check Allow HTTP traffic from the internet.

  • In Configure storage > Set volume to 16 GiB.

  • Click on Launch Instance.

0
Subscribe to my newsletter

Read articles from Sundaresan Anandan directly inside your inbox. Subscribe to the newsletter, and don't miss out.

AWSAWS IAMaws iam policiesawscloud

Written by

Sundaresan Anandan
Sundaresan Anandan

I am a tech enthusiast and have dedicated 5+ years of experience in software development. Currently, I am working as a solution engineer. Here my responsibilities are to directly interact with customers and fellow developers, then identify their pain points and figure out the solutions. Apart from that, I spent plenty of time code along with other developers, writing technical documents and preparing architecture diagrams.