Setup IAM User with access to resources
What are IAM Users and how to create one?
IAM Users are AWS Users who can access,provision,monitor various AWS Manged or any services provided within the AWS Architecture.There can be fine grain control over the IAM users where users can have only READ access to multiple services or full CRUD control over there assigned services.
We can simply create a IAM User from the console but there are three ways where we can create a IAM user :
- AWS CLI : Has access key which is a combination of (access key ID and a secret access key)
- AWS API : AWS API type of IAM user also interacts with the AWS services VIA CLI.
- AWS Console : Has console password and username which will grant access to the AWS Management Console.
What are the types of IAM users?
The types of IAM Users are Users with :
Programmatic access : The IAM user might need to make API calls, use the AWS CLI, or use the Tools for Windows PowerShell. In that case, create an access key (access key ID and a secret access key) for that user.
AWS Management Console access : If the user needs to access the AWS Management Console, create a password for the user.
What are the ways for IAM users to access/assign resources?
The ways for IAM users to access/assign resources are through directly policy applied to the user or group level policy applied to the users.
- IAM User : A IAM user associated with an access key or console password which can be attached policies directly.
- IAM Group : A IAM group is a collection of IAM Users with similar IAM Roles required to attain an objective from which multiple tasks can be handles by a big group of people or could be used for various stages of software engineering lifecycle (ie dev,prod,staging).
- IAM Roles : IAM Roles are a collection of access where we can attach roles to users who can perform special actions as in deployment or any other.
- Instance Profiles : The Instance profiles are profiles created by the IAM user to access and manage policies for EC2 Instance to operate and work properly with CODE DEPLOY.
How to assign the IAM user to use CODE DEPLOY?
The CODE DEPLOY and IAM user are connected via Instance Profiles with IAM Roles,IAM Groups.
Instance Profiles : The Instance profiles are profiles created by the IAM user to access and manage policies for EC2 Instance to operate and work properly with CODE DEPLOY.Instance Profiles are attached with IAM Roles which will grant the profile with access to resources only one IAM Role can be assigned to a Instance Profiles.Where as the same IAM Role can be used on multiple Instance Profile.
Top comments (0)