Understanding AWS Cloud Services (IAM, Load Balancer & ASG)

In this blog, let’s explore the fundamental AWS services that form the backbone of most cloud architectures: IAM (Identity and Access Management), Load Balancers, and Auto Scaling Groups (ASG). We’ll discuss what each service is, why it’s important, and real-world scenarios where it is used.
IAM (Identity and Access Management)
Let’s look at what IAM is and why it is one of the most important services in AWS Cloud.
What is IAM?
IAM (Identity and Access Management) is a service provided by AWS that enables you to securely manage access to your AWS cloud resources. It allows you to create users, groups, roles, and policies that define who can access what and under what conditions within your AWS environment.
Why do we use IAM?
It secures your AWS account.
You can grant least-privilege access to users using IAM, which means users will have access only to the services and actions you explicitly allow.
Audit and Monitoring: IAM integrates with CloudTrail to track who did what and when. This helps with security audits and compliance.
Temporary Access: You can grant temporary credentials using IAM roles.
Let’s understand what IAM Users, Groups and Roles are.
IAM Users
IAM Users are individual identities created within your AWS account. These users represent individuals or applications within an AWS account that need to interact with AWS resources.
What are IAM Policies?
IAM Policies are documents that define permissions for accessing resources in a cloud environment. They specify what actions are allowed or denied, on which AWS resources, and under what conditions.
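How "allowed or denied" is decided can be shown with a small model of policy evaluation: nothing is allowed by default, an Allow statement grants access, and a matching Deny always wins. This is an added example, not code from the original post or from AWS; it ignores Condition, NotAction and principals, and the account ID, ARNs and both policies are constructed.

```python
import fnmatch

ACCOUNT = "111122223333"  # constructed account ID
INSTANCE = f"arn:aws:ec2:us-east-1:{ACCOUNT}:instance/i-0123456789abcdef0"

# Constructed policies: one scoped to what an operator needs, one broad.
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["ec2:StartInstances", "ec2:StopInstances"],
     "Resource": f"arn:aws:ec2:us-east-1:{ACCOUNT}:instance/*"},
    {"Effect": "Deny", "Action": "ec2:TerminateInstances", "Resource": "*"},
]}
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value, fold=False):
    # IAM wildcards: '*' is any run of characters, '?' is exactly one.
    # fnmatch also treats '[...]' as a set, which IAM does not; none used here.
    norm = str.lower if fold else str
    return any(fnmatch.fnmatchcase(norm(value), norm(p)) for p in _as_list(patterns))

def evaluate(policy, action, resource):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"              # nothing is allowed by default
    for stmt in _as_list(policy["Statement"]):
        # Action names are case-insensitive; resource ARNs are compared as-is.
        if not (_matches(stmt["Action"], action, fold=True)
                and _matches(stmt["Resource"], resource)):
            continue
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny"          # a matching Deny always wins
        decision = "Allow"
    return decision

if __name__ == "__main__":
    requests = ["ec2:DescribeInstances", "ec2:StopInstances",
                "ec2:RunInstances", "ec2:TerminateInstances"]
    for action in requests:
        print(f"{action:24} scoped={evaluate(SCOPED, action, INSTANCE):13}"
              f" broad={evaluate(BROAD, action, INSTANCE)}")
```

With the scoped policy, launching instances is implicitly denied and terminating them is explicitly denied, while the broad `ec2:*` statement allows both.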
IAM Groups
An IAM Group is a collection of IAM Users. Groups allow you to manage permissions for multiple users at once by attaching policies to the group instead of to each user individually. By organizing IAM users into groups, we can manage permissions collectively. E.g., you can create a group (like Developers, Admins, or DataScientists) and attach policies to the group.
IAM Roles
Roles are similar to IAM Users, but they are not associated with an individual. E.g., you created a Python application on an EC2 instance, and this EC2 instance needs access to a database service, for example to read data from an RDS database. In that case you need to attach an IAM role to this EC2 instance to grant read or write permissions to the database. So with IAM roles we give permissions to services, not to a specific individual as with an IAM User.
Steps to create Roles
Create three roles named DevOps-User, Test-User and Admin.
- Click on Create role and choose AWS service as the use case.
- Click on Next, and under Add Permissions search for the policy named AmazonEC2FullAccess and select it.
- Click on Next, and under Review enter your role name: DevOps-User, then click Create role. Follow the same steps for Test-User and Admin.
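The same steps scripted, as an added example that is not part of the original post. It shows the trust policy that choosing "AWS service" writes into the role, which the console steps do not display. It assumes EC2 (`ec2.amazonaws.com`) is the service selected, and `create_service_roles` is a hypothetical helper that takes a boto3 IAM client.

```python
import json

# Trust policy: who may assume the role. Choosing "AWS service" in the console
# puts a service principal here; EC2 is an assumption made for this example.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}
POLICY_ARN = "arn:aws:iam::aws:policy/AmazonEC2FullAccess"  # AWS managed policy
ROLE_NAMES = ["DevOps-User", "Test-User", "Admin"]


def create_service_roles(iam, role_names=ROLE_NAMES, policy_arn=POLICY_ARN):
    """Create each role with the trust policy, then attach the managed policy.

    `iam` is a boto3 IAM client, e.g. boto3.client("iam").
    Returns a dict mapping role name to the ARN of the created role.
    """
    created = {}
    for name in role_names:
        resp = iam.create_role(
            RoleName=name,
            AssumeRolePolicyDocument=json.dumps(TRUST_POLICY),
        )
        iam.attach_role_policy(RoleName=name, PolicyArn=policy_arn)
        created[name] = resp["Role"]["Arn"]
    return created


if __name__ == "__main__":
    # Offline: print the trust policy document that would be sent.
    print(json.dumps(TRUST_POLICY, indent=2))
```

When a role is created through the API rather than the console, it must also be added to an instance profile before it can be attached to an EC2 instance; the console creates that profile automatically for EC2 roles.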
Load Balancing
Now let’s look at what Load Balancing is and the types of Load Balancers.
What is Load Balancing?
Imagine your website is getting thousands of requests per second. How would you handle the traffic load? If all those requests go to a single server, it could crash or become very slow.
As a solution, we use a Load Balancer.
A load balancer sits in front of your servers and evenly spreads the traffic so that:
If one server goes down, traffic is routed to healthy ones
No server gets overloaded
You can handle more users
It also improves performance, availability, and fault tolerance.
Types of Load Balancers
ALB (Application Load Balancer)
ALB works at Layer 7 (Application Layer) of the OSI Model and supports HTTP/HTTPS traffic. It distributes incoming traffic across multiple targets, such as EC2 instances, containers, and IP addresses, in one or more Availability Zones.
For OSI Model Ref:
https://www.youtube.com/live/mNTs-shuFno?si=k7pKtibivJ7Wtki6
Why ALB?
It provides detailed monitoring, request tracing, and SSL termination.
It can route traffic to different services based on URL path and domain.
→ Example: /login goes to the Auth service, /products goes to the Catalog service, and /cart goes to the Cart service.
This makes ALB ideal for microservices and containerized applications, where different paths or subdomains serve different backend services.
NLB (Network Load Balancer)
NLB operates at Layer 4 (Transport Layer) and supports TCP/UDP traffic. It’s designed to handle millions of requests per second with high performance and very low latency.
Why NLB?
It handles TCP, UDP, and TLS traffic.
It is capable of extremely high throughput.
Supports static IP addresses (or lets you assign Elastic IPs).
NLB supports non-HTTP(S) protocols
Ideal for real-time systems, gaming, IoT.
Works with IP-based target groups (including on-prem systems).
ASG (Auto Scaling Group)
ASG (Auto Scaling Group) is an AWS feature which automatically manages the number of EC2 instances in a group based on demand, schedules, or health checks.
Why ASG?
Scale Out: It automatically adds more EC2 instances when demand increases (e.g., more users or traffic).
Scale In: It removes or terminates unnecessary EC2 instances when the traffic is low to save cost.
High Availability: If an instance is deemed unhealthy or has failed, ASG replaces it automatically.
Scheduled Scaling: Increase or decrease instances at specific times (e.g., scale up during business hours).
Custom Metrics Scaling: Scales based on CPU, memory, request count, etc.
Scenario for ASG:
E.g., you host a web application on EC2. During the day, traffic increases, and at night it drops.
By using ASG:
It launches more instances automatically during peak hours.
It terminates them during low-traffic hours, reducing costs.
If one instance is deemed unhealthy or fails, it is replaced instantly by ASG.
Conclusion
IAM, Load Balancers, and Auto Scaling Groups are essential building blocks of any scalable, secure, and reliable cloud architecture on AWS.
IAM ensures that the right people and services have the right access.
Load Balancers improve availability and distribute traffic efficiently across servers.
ASG ensures your application can handle changing workloads while optimizing cost.
By understanding and combining these services, you can build cloud-native applications that are resilient, scalable, and secure.
Written by

Pooja Bhavani