
by Mohdqaz

What is IAM (Identity and Access Management)?

AWS IAM is short for AWS Identity and Access Management. Why is IAM important in AWS?

  • Centralized control of your AWS account
  • Shared access to your AWS account
  • Granular permissions
    • For example, letting people access this server but not that one
  • Identity federation
    • The simplest illustration is signing in with Facebook or Google credentials: the user is authenticated by an identity provider outside AWS and is then mapped to AWS permissions, so no separate IAM password has to be managed
  • Multi-factor authentication (MFA)
    • Username and password plus a second way of proving who you are, for example a code from Google Authenticator
  • Temporary access for users / devices when necessary
  • Lets administrators set a password rotation policy
  • Integrates with many different AWS services
  • Supports PCI DSS compliance
    • If you handle credit card details, your environment must comply with the PCI DSS framework

The following are the key terms (main concepts) used in IAM.

User

  • Root user:
    • The first user is the root user, which is created when the AWS account is created.
    • The root user signs in with the email address and password that were used to create the AWS account.
    • Anyone with access to the root user has unrestricted access to every AWS resource in that account, so the root credentials are the most valuable secret in the account.
  • AWS best practice for the root user (AWS best practice is the way of working AWS recommends, based on years of experience with its customers) is to lock it down: enable MFA on it, do not create access keys for it, and use IAM users or roles for everyday work.
  • An IAM user doesn't have to be an actual person. If an application needs to access AWS, you can create an IAM user for it and generate access keys that the application then uses. Treat those keys as long-lived secrets that must be stored securely and rotated.
  • Remember that every user except the root user must be granted permissions before it can use any AWS service: by default, a newly created user has no access to anything.

Group

  • What is an AWS group?
    • A group is a collection of IAM users.
    • A user can belong to multiple groups.
  • It is easier to attach permissions to a group than to assign them one by one to each user.
  • A group is a container for users, not an identity: it cannot be signed in to, cannot be named as a principal in a policy, and cannot contain other groups.

Policy

  • What is a policy? A policy defines:
    • Which actions users / groups / roles can perform
    • On which resources (S3 / EC2 / RDS / etc.) those actions can be performed
    • Under which conditions the actions are allowed (for example, only when the request was made with MFA)
    • Most policies are stored in AWS as JSON documents
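
To make the three parts of a policy concrete, here is an added example (written for this page, not code from the original post and not AWS's real evaluation engine): a small Python evaluator that reads a constructed identity-based policy in the JSON form AWS uses and decides Allow / Deny for a request. It models the rules behind the statements above: a new identity starts with no access (implicit deny), a matching Allow grants it, an explicit Deny always wins, `*` wildcards work in Action and Resource, and a Condition block can require MFA through the `aws:MultiFactorAuthPresent` key. The bucket name, account ID and instance ID are placeholders.

```python
"""Simplified IAM policy evaluator (added example, not AWS's engine).

Models the documented rules: an identity starts with no access (implicit
deny), a matching Allow grants it, an explicit Deny always wins, '*' / '?'
wildcards work in Action and Resource, and a Condition block can require
MFA via the aws:MultiFactorAuthPresent context key.
"""
import fnmatch
import json

# Constructed sample ARNs; the account ID and instance ID are placeholders.
BUCKET_ARN = "arn:aws:s3:::example-reports"
INSTANCE_ARN = "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"

# Constructed identity-based policy: broad access to one S3 bucket with a
# Deny guardrail on deletes, and EC2 start/stop on one instance only with MFA.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "UseReportsBucket",
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": ["arn:aws:s3:::example-reports", "arn:aws:s3:::example-reports/*"]
    },
    {
      "Sid": "NeverDeleteReports",
      "Effect": "Deny",
      "Action": "s3:Delete*",
      "Resource": ["arn:aws:s3:::example-reports", "arn:aws:s3:::example-reports/*"]
    },
    {
      "Sid": "StartStopOneInstanceWithMfa",
      "Effect": "Allow",
      "Action": ["ec2:StartInstances", "ec2:StopInstances"],
      "Resource": "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0",
      "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
    }
  ]
}
""")


def _as_list(value):
    """IAM accepts either a single string or a list in Action and Resource."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    """Wildcard match; fnmatch's '*' and '?' behave like IAM's."""
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def _condition_holds(condition, context):
    """Only the Bool operator is modelled (enough for the MFA key).

    A key missing from the request context is treated as "false", which is
    what happens to aws:MultiFactorAuthPresent for a request made without MFA.
    """
    for operator, pairs in condition.items():
        if operator != "Bool":
            raise NotImplementedError(f"condition operator {operator} not modelled")
        for key, expected in pairs.items():
            if str(context.get(key, "false")).lower() != str(expected).lower():
                return False
    return True


def evaluate(policy, action, resource, context=None):
    """Return 'Allow', 'Deny' (explicit) or 'ImplicitDeny' for one request.

    Action names are case-insensitive in IAM; resource ARNs are not.
    """
    context = context or {}
    decision = "ImplicitDeny"  # a new IAM user can do nothing by default
    for stmt in policy["Statement"]:
        actions = [a.lower() for a in _as_list(stmt["Action"])]
        if not _matches(actions, action.lower()):
            continue
        if not _matches(stmt["Resource"], resource):
            continue
        if "Condition" in stmt and not _condition_holds(stmt["Condition"], context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # an explicit Deny overrides any Allow, stop here
        decision = "Allow"  # keep looking: a later Deny could still win
    return decision


if __name__ == "__main__":
    mfa = {"aws:MultiFactorAuthPresent": "true"}
    requests = [
        ("s3:GetObject", BUCKET_ARN + "/q1.csv", {}),
        ("s3:DeleteObject", BUCKET_ARN + "/q1.csv", {}),      # Allow and Deny both match
        ("s3:GetObject", "arn:aws:s3:::other-bucket/x", {}),  # nothing matches
        ("ec2:StopInstances", INSTANCE_ARN, {}),              # Allow requires MFA
        ("ec2:StopInstances", INSTANCE_ARN, mfa),
        ("ec2:TerminateInstances", INSTANCE_ARN, mfa),        # never granted
    ]
    for action, resource, ctx in requests:
        print(f"{action:24} {evaluate(SAMPLE_POLICY, action, resource, ctx)}")
```

The Deny statement is the point to notice: even though `s3:*` on the bucket would allow `s3:DeleteObject`, the explicit Deny wins, which is why a narrow Deny is a reliable guardrail when a group or role has been given a broad Allow. The EC2 statement shows the Condition element doing the MFA enforcement listed earlier in this page: the same principal gets `ImplicitDeny` without MFA and `Allow` with it.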

Roles

  • What is a role?
    • An IAM role is similar to an IAM user in that it is also an identity,
    • with a policy that determines what the identity can and cannot do in AWS.
    • What makes it different from a user is that it has no password or long-term access keys. Instead, a principal that is trusted by the role (a user, an application, an AWS service such as EC2, or a federated identity) assumes the role and receives temporary credentials, so there is no long-lived secret to leak or rotate.
