Day 2 of My AWS Journey: IAM (Identity and Access Management) Made Easy !

Rajesh BarikRajesh Barik
3 min read

Table of contents

👋 Introduction

Welcome to Day 2 of my AWS Zero to Hero journey! After setting up virtual machines (EC2) and private cloud networks (VPC) on Day 1, I realized something crucial:

You don’t just need to create resources — you need to control who can access them and what they can do.

That’s where IAM (Identity and Access Management) comes into play. It might sound technical, but don’t worry — I’ll explain it in the most beginner-friendly way possible.

🧠 Imagine This:

Think of AWS as a big school building you own (your AWS account). Inside this school, you have rooms (like EC2, S3, VPC, etc.) that you want to protect. Now, let’s say you hire:

  • A teacher who can only enter the classroom (EC2)

  • A janitor who can only clean certain areas (S3 buckets)

  • A principal who can do everything

To manage this, you need ID cards and rules about who can go where and do what. IAM is the system that creates those ID cards and rules.

🔐 What is IAM in AWS?

IAM (Identity and Access Management) is a free AWS service that helps you:

  • Create users and groups

  • Assign specific permissions to them

  • Control access to AWS services and resources

It’s like the security desk at the entrance of your AWS school. Only those with valid passes (IAM credentials) can enter and only into allowed rooms (resources).

🧱 IAM Components (Explained Simply)

1. Users

These are individual people (like you, your teammate, or an automated service) who need access to AWS. Each user gets:

  • A username

  • A password (for AWS Console access)

  • Access keys (for programmatic access)

2. Groups

Think of groups as teams. Instead of assigning permissions one by one to each user, you create a group (e.g., Developers, Admins) and assign permissions to the whole group.

3. Policies

Policies are sets of permissions written in JSON that define what a user or group can do. Example:

A policy might say: “Allow user to read S3 bucket X but not delete it.”

4. Roles

Roles are like temporary IDs you assign to people or AWS services. For example:

  • EC2 instance needs to access S3? Give it a role.

  • An application in Lambda wants to read DynamoDB? Assign a role.

Roles don’t belong to a specific user but can be "assumed" temporarily.

5. Permissions

Permissions are rules inside policies that allow or deny actions. Example:

  • Allow: ec2:StartInstances

  • Deny: s3:DeleteObject

6. Root User

This is your super-admin account when you first create your AWS account. You should never use it for day-to-day tasks. Create a new admin user and lock the root account down with MFA.

🔧 IAM in Action

Let’s say you hire a developer. You want them to:

  • Launch EC2 instances

  • View logs in CloudWatch

  • NOT access billing or delete resources

You:

  1. Create an IAM user for them

  2. Add them to a "Developers" group

  3. Attach a custom policy or AWS managed policies to the group

That’s it! IAM handles the rest securely.

🧩 IAM Best Practices

  • Enable MFA on all accounts

  • Never share passwords or access keys

  • Use groups to manage permissions

  • Use roles for AWS services instead of embedding keys

  • Review and audit permissions regularly

📺 Video That Helped Me:

This simple yet powerful video explained IAM beautifully:

AWS IAM Explained for Beginners

📌 Key Takeaways

  • IAM is your security checkpoint in AWS

  • It manages who can access what and how

  • With IAM, you control access in a safe and scalable way

Thanks for reading! If you’re learning AWS too, feel free to follow along — and share what you've learned too!

#AWS #IAM #BuildWithRajesh #AWSForBeginners #100DaysOfCloud #ZeroToHero #CloudSecurity #LearningInPublic #cloud

0
Subscribe to my newsletter

Read articles from Rajesh Barik directly inside your inbox. Subscribe to the newsletter, and don't miss out.

CloudCloud ComputingAWSIAMPublic CloudLearning Journey

Written by

Rajesh Barik
Rajesh Barik