AWS IAM Deep Dive

Shaikh Bilal

What is AWS IAM?

Imagine you're running a big digital office in the cloud with Amazon Web Services (AWS). Just like in a real office, not everyone should be able to enter every room, walk into the server room, or change everything. That's where AWS IAM (Identity and Access Management) comes in: it's the security guard at the front door.

IAM helps you decide:

  • Who can log in,

  • What they’re allowed to see or do,

  • And how they’re allowed to do it.

Whether you're a small startup or a big enterprise, IAM keeps your cloud safe and organized, giving you full control over access without the chaos.

Core Concepts of IAM

There are four major components of AWS IAM. They are used together, in whatever combination an organization's requirements call for.

  1. IAM Users – The People Who Need Access

An IAM user is any person or system that needs to use AWS services.

  • Think of users as individual employees with their own login.

  • A user can be a human (like you, the developer) or a machine (like an app that uploads files to AWS).

  • Each user gets:

    • A username

    • A password (for console login)

    • Or access keys (for API/programmatic access)

  • A user is granted permission to use AWS services through policies.

🧍 Example: You create a user named "Dev101" who can access the S3 storage service to upload files.

  2. IAM Groups – Organize Users with Similar Roles

Groups help you manage permissions for multiple users at a time.

  • Instead of assigning permissions to each user individually, you create a group, give it permissions, and add users to that group.

  • Users who are part of a group automatically inherit the permissions assigned to it.

Example:
You create a group called "Developers" and give it permission to launch EC2 servers. You add all your developers to this group, and they all have the right access.

Similarly, you can create a group called DB and add the database admins to it.

  3. IAM Policies – The Rulebooks

Policies are the rules that define which actions are allowed or denied.

  • They are written in JSON (a simple data format), but AWS gives you a policy wizard and templates to help you define custom policies.

  • A policy can control:

    • Which services the user can access (like S3, EC2, RDS)

    • What actions they can perform (like read, write, delete)

    • Which specific resources they can touch (like one particular S3 bucket).

Example: a policy that lets an identity list one bucket and read the objects in it, and nothing else:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::my-example-bucket",
        "arn:aws:s3:::my-example-bucket/*"
      ]
    }
  ]
}
```
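IAM evaluates every request against the same rules: nothing is allowed by default, a matching Allow grants the request, and an explicit Deny overrides any Allow. The block below is an added example, not code from the post: a small Python evaluator that applies those rules to the bucket policy above (embedded as sample input) and to a second, constructed policy that adds an explicit Deny. It uses IAM-style wildcards and deliberately leaves Condition blocks and resource-based policies out of scope.

```python
import fnmatch
import json

# The policy shown in the post, embedded here as the sample input.
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::my-example-bucket",
                 "arn:aws:s3:::my-example-bucket/*"]
  }]
}""")

# Constructed second policy: a broad allow plus an explicit deny on deletes.
DENY_DELETE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Deny", "Action": "s3:DeleteObject",
         "Resource": "arn:aws:s3:::my-example-bucket/*"},
    ],
}


def _as_list(value):
    """Action and Resource may be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, candidate):
    """IAM wildcards: '*' matches any run of characters, '?' exactly one."""
    return any(fnmatch.fnmatchcase(candidate, p) for p in patterns)


def is_allowed(policy, action, resource):
    """Simplified IAM evaluation: default deny, a matching Allow grants,
    an explicit Deny always wins. Action names are matched case-insensitively,
    ARNs case-sensitively. Conditions and NotAction/NotResource are ignored."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not (_matches(actions, action.lower())
                and _matches(_as_list(stmt.get("Resource", [])), resource)):
            continue
        if stmt["Effect"] == "Deny":
            return False  # explicit deny ends evaluation immediately
        allowed = True  # remember the allow, but keep looking for a deny
    return allowed
```

Running a draft policy through a check like this before attaching it is a cheap way to confirm it grants only what the "nothing more, nothing less" rule intends.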

  4. 🎭 IAM Roles – Temporary Access Without Credentials

Roles are like temporary passes that an identity can assume when needed, without sharing long-term login details.

  • They are often used for applications or other AWS services that need access to AWS resources.

  • Roles come with permissions, but instead of assigning them to users directly, you let someone "assume" the role when needed.

Example: Imagine your EC2 server (virtual machine) needs to access files in an S3 bucket. Instead of storing access keys on the server, you attach an IAM role to the instance that gives it that access; no long-term credentials needed.

🧰 Common IAM Use Cases

Here's how IAM is used every day in real-world terms:

  • Control Developer Access: Give your dev team the ability to work with specific services (like EC2, S3), nothing more, nothing less.

  • Secure Automation: Let applications (like Lambda or EC2) access other services using roles.

  • πŸ” Protect Sensitive Data: Block unauthorized users from viewing or changing your databases.

IAM Best Practices (Keep Your Cloud Environment Safe!)

To use IAM wisely and securely, follow these tips:

  • 🧾 Least Privilege Principle: Only give users exactly what they need, nothing extra. Start with no access and add as needed.

  • Don't Use the Root Account for Daily Tasks: This is your master key. Save it for emergencies and keep it safe.

  • πŸ” Rotate Access Keys Regularly: Just like changing your ATM pin β€” it keeps things secure.

  • πŸ” Use MFA (Multi-Factor Authentication): Adds a second layer of protection β€” even if your password is stolen.

  • 🎭 Use Roles for AWS Services: Don't hardcode credentials into applications; use roles instead.

AWS IAM Practical Lab.
