Abhishek Korde

Getting Started with AWS IAM: Managing Users, Groups, and Policies for Secure Access Control.

AWS IAM (Identity and Access Management) is a service that helps you securely control access to your AWS resources. It allows you to manage users, their permissions, and how they interact with AWS services. Essentially, it's the foundation for security and access control within your AWS account.

Log in to the AWS console with your root username and password. After logging in, search for IAM in the search bar.
Basically, IAM contains 3 different components, as follows:

  1. User
  2. Policies
  3. Group
  4. Roles

We will start with users. Creating a user is about authentication, much like being identified when you enter a bank. A new user has no authority over any service, and this is where policies play a big role. Using policies, we can give any kind of permission to users. AWS provides a number of ready-made policies to help DevOps and cloud engineers, but we can also write our own custom policies as JSON documents.

Next are groups. If your organization has thousands of employees, with many leaving and new ones joining, managing every employee's policies individually becomes very difficult and inefficient. AWS therefore introduced groups: instead of changing each employee's policies, create groups, add users to them according to their role, and change only the group's policies, which then apply to every member. For example, suppose your organization has 3 roles: 1. developer, 2. QA, 3. DBAdmin. In this case you only have to change the group policies, with each user placed in the group that matches their role.

Now let's see how to create users, policies and groups in AWS. Go to the IAM section, click the Users section, then click Create users.

Note: always use an autogenerated password. The user then has to create a new password at login, which is more secure. While creating the user you can attach policies directly, or apply them later.

After clicking Next you can review the settings and create the user by clicking Create user. You will then see a confirmation that your user has been created.

To log in as the IAM user, download the .csv file to your local storage. Use the information in this .csv file to log in as the IAM user.
Now I log out of my root user and log in with the IAM user. After login you have to reset the password by changing the autogenerated password. If you look carefully, you will notice that your username is shown in the top left corner, which means you are logged in as your user.

But so far we have not added any policies, so after logging in as test-user-01 everything shows permission denied. To give permissions to the user, first log out of test-user-01 and log in with your root user. Grant the required permissions, then log in as the IAM user again; you can then access the particular services allowed by the policies applied to your user. In my case I applied the full_access_S3 policy to the user test-user-01, so test-user-01 can access my S3 bucket list.

In this blog, we explored the fundamentals of AWS Identity and Access Management (IAM), a powerful tool for managing access to AWS resources securely. We learned how to create users, assign permissions through policies, and organize users into groups for streamlined access control. IAM not only helps in maintaining security but also simplifies user management, especially in large organizations. By assigning the right permissions using predefined or custom policies, you ensure that users have exactly the access they need—no more, no less. Mastering IAM is essential for any DevOps or cloud engineer aiming to implement best security practices in AWS.
