AWS Identity and Access Management 101 1


AWS Identity and Access Management (IAM) is one of the very popular, free to use, and significant web service that allows end users to manage users, groups, roles, credentials, Identity federation to allow corporate users to get temporary access to AWS account, multi factor authentication, and user permissions in AWS.

Useful Scenarios:

  • Centrally managed user accounts and to get consolidated billing rather than having user accounts per user – Single AWS account and multiple users in simple terms
  • To allow access to AWS resources from specific networks and easily manage security credentials
  • To use multi-factor authentication for sign in
  • To get Access Key and Security Access Keys unique per user
  • To group users for providing them similar sort of permissions

 

Roles are assigned to AWS resources. Policy is set of permissions.

71.1%2BAWS%2BIdentity%2Band%2BAccess%2BManagement.png

What is Root Account Credentials?

When we sign up for a Free tier account for example; we provide email and password. We use this email and password to log in to AWS Management Console. This combination of email and password is known as “Root Account Credentials.”
It has Administrative access to all resources in AWS account.

There are pre-build policy templates such as Administrator Access, Power user Access (No User and Group Management), Read Only Access.

Notes:

  • IAM is not region specific service. It is universal
  • IAM allows you to manage users, groups and roles and their corresponding level of access to the AWS Platform
  • Power User Access allows access to all AWS services except for management of groups and users within IAM
  • AWS User cannot log in to the AWS management console using the Access Key ID and Secret Access Key. Admin must generate a password for the user and supply the user with this password, as well as the unique link to sign in to the AWS management console
  • Centralised control of your AWS account
  • Integrates with existing active directory account allowing single sign on
  • Fine-grained access control to AWS resources
  • The ability to create User/Group/Roles
  • Root account has administrative access
  • IAM provides very granular level of control and automated policy creation.

IAM provides very granular level of control and automated policy creation. Let’s take an example of Sample spring file deployment on AWS. IAM can be helpful in creating Amazon EC2 instances, instillation and configuration of an application.

Now let’s go to Amazon Management Console https://console.aws.amazon.com/console/homeand click on Identity & Access Management.
 72-1-aws-management-console
Just take a note that Password Policy is renamed to Account Settings.

Leave a comment

Your email address will not be published. Required fields are marked *

One thought on “AWS Identity and Access Management 101