Understanding the Basics of IAM for DevOps and Cloud Security

sivasai papanisivasai papani
3 min read

๐Ÿ“˜ What is IAM?

IAM stands for Identity and Access Management. It is like a central manager that helps you control who can enter your cloud, access AWS resources, and what they can do once inside.

๐Ÿ‘‰ Identity

IAM helps you manage the identities (like usernames or service accounts) that can interact with your AWS resources.

๐Ÿ‘‰ Access

It determines what actions (like reading, writing, or deleting data) each identity is allowed to perform on AWS services.

๐ŸŒŸ Features of IAM

๐Ÿ” Control Who Does What

IAM lets you decide who can access AWS resources and what they can do with them.

๐Ÿ” Extra Security with MFA

You can add an extra layer of security by requiring users to use a second form of verification, like a smartphone app, along with their password.

๐Ÿ” Simplify Access for Services

IAM allows AWS services to access other services securely, reducing the need for secret keys.

๐Ÿ” Fine-Tune Permissions

You can specify exactly what each user or group can access, ensuring they only have the permissions they need.

๐Ÿ” Access Advisor Insights

IAM provides insights into permissions, helping you see what users and services are using and adjust permissions accordingly.

๐Ÿ” IAM Identities

IAM identities are categorized into three types:

  • IAM Users

  • IAM Groups

  • IAM Roles

๐Ÿ‘ค IAM Users

IAM users are individual entities within your AWS account. They can be human users, applications, or services that need to interact with your AWS resources.

  • Identification: Each IAM user has a unique username.

  • Access Credentials: Users can have passwords (for console access) or access keys (for CLI/API access).

  • Permissions: Policies define what actions users can perform.

  • MFA: Adds an extra layer of security with a smartphone app or hardware token.

๐Ÿ‘ฅ IAM Groups

IAM groups are collections of IAM users with similar permissions.

  • Group Membership: Users can belong to multiple groups.

  • Policy Attachment: Policies are attached to groups; users inherit these permissions.

  • Efficiency: Easily manage permissions for multiple users at once.

๐Ÿงณ IAM Roles

IAM roles are used to grant temporary access to AWS services or trusted entities.

  • Trust Relationships: Define which entities or services can assume the role.

  • Temporary Permissions: Valid only for a short time.

  • Cross-Account Access: Useful for collaboration across AWS accounts.

๐Ÿ“œ Policies

IAM roles are defined by two types of policies:

โœ… Permission Policy

  • Specifies what the role can do (e.g., s3:GetObject)

  • Attached directly to the role

  • Includes: Effect, Action, Resource

โœ… Trust Policy

  • Specifies who can assume the role (e.g., EC2, another user/account)

๐Ÿงฑ Creating IAM Roles

๐Ÿชœ Step 1: Go to IAM > Roles > Create Role

Choose trusted entity (e.g., EC2, Lambda, another account)

๐Ÿชœ Step 2: Attach Trust & Permission Policies

Use JSON format to define:

  • Trust Policy (who can assume the role)

  • Permission Policy (what the role can do)

๐Ÿชœ Step 3: Add Role Name & Description

Name your role clearly (e.g., EC2-S3-ReadOnly-Role) and create it.

๐Ÿชœ Step 4: Assign the Role

Attach the role to an EC2 instance, Lambda function, or allow users to switch to it.

๐Ÿง  Summary

  • IAM is a core part of AWS security

  • Use IAM users for individual access

  • Use groups to manage permissions at scale

  • Use roles for temporary, secure access (including cross-account)

  • Always enforce MFA and least privilege

IAM gives you the power to control access, reduce risk, and enforce security critical responsibilities in every DevOps and cloud role.

0
Subscribe to my newsletter

Read articles from sivasai papani directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Written by

sivasai papani
sivasai papani