Jeya Shri

Cloud Security with AWS IAM - A quick hands-on

Managing Users, Permissions, and EC2 Access

Today, I worked on a cloud security project using AWS IAM (Identity and Access Management). Through this project, I learned how to manage users, create policies, assign permissions securely, and control access to EC2 instances. Along the way, I also gained hands-on experience with launching and managing EC2 instances.

This project helped me understand why security is a critical part of cloud architecture, not just an optional feature.


Real-World Scenario

I approached this project through a realistic scenario:

We are new interns who have just joined the NextWork team, and our task is to improve the computing efficiency of the company’s website by working with EC2 instances.

However, as interns:

  • We should not have access to all AWS resources
  • We should only be allowed to work with development (dev) resources
  • Production resources must remain protected

This is exactly the type of problem AWS IAM is designed to solve.


What I Implemented

Step 1: Creating EC2 Instances for Different Environments

Initially, I created two EC2 instances:

  • One for development
  • One for production

I differentiated them with tag key/value pairs:

  • Environment: Dev
  • Environment: Prod


This tagging approach is important because:

  • IAM policies can reference tags
  • Access can be restricted based on environment
  • Resource management becomes much clearer at scale

Step 2: Creating IAM Policies

Next, I created an IAM policy.

Policies are JSON documents. Each statement in a policy defines:

  • An Effect (Allow or Deny)
  • Which AWS services and actions are covered (start, stop, describe, etc.)
  • Which specific resources the statement applies to
  • Optionally, conditions under which the statement applies (for example, a resource tag)


In this case, the policy was designed to:

  • Allow access only to EC2
  • Restrict actions to development EC2 instances
  • Prevent access to production resources

This follows the principle of least privilege: users get only the permissions they actually need to do their job.
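The policy document below is an added example written for this post, not the policy from the original project. It assumes the instances carry the tag key Environment with the values Dev and Prod from Step 1, and that the interns only need to start, stop and reboot existing instances (not launch or terminate them). The Sid of each statement records what it assumes or guards against, since JSON has no comments:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowManagingInstancesTaggedEnvironmentDev",
      "Effect": "Allow",
      "Action": [
        "ec2:StartInstances",
        "ec2:StopInstances",
        "ec2:RebootInstances"
      ],
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/Environment": "Dev"
        }
      }
    },
    {
      "Sid": "AllowReadOnlyMetadataDescribeCannotBeScopedPerInstance",
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Sid": "DenyAnythingTaggedEnvironmentProd",
      "Effect": "Deny",
      "Action": "ec2:*",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/Environment": "Prod"
        }
      }
    },
    {
      "Sid": "DenyRetaggingSoDevConditionCannotBeBypassed",
      "Effect": "Deny",
      "Action": [
        "ec2:CreateTags",
        "ec2:DeleteTags"
      ],
      "Resource": "*"
    }
  ]
}
```

A few points worth checking before attaching a policy like this to the intern group. StringEquals is case-sensitive, so an instance tagged "dev" will not match "Dev". The ec2:Describe* actions do not support resource-level permissions and must be granted on "*", which means interns can see that the production instances exist; they just cannot act on them. The explicit Deny on Prod-tagged resources is defence in depth: an explicit Deny always wins, so it keeps production protected even if a broader Allow is later attached to the same group. The Deny on CreateTags and DeleteTags closes the obvious bypass where an intern re-tags a production instance as Dev to satisfy the first statement. Finally, an instance that is being launched has no tags yet, so this policy does not allow ec2:RunInstances; granting that safely needs an aws:RequestTag condition instead. The IAM Policy Simulator in the console is a good way to confirm each of these outcomes before handing the policy to real users.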


Step 3: Creating User Groups and Attaching Policies

Instead of assigning policies directly to users, I:

  • Created an IAM user group
  • Attached the policy to the group

Why groups?

  • Easier permission management
  • New interns can be added or removed without modifying policies
  • Consistent access control across users with the same role

This is the recommended best practice in IAM.


Step 4: Creating an Account Alias

Interns must not sign in with the root user:

  • Root credentials grant unrestricted access to the whole account and must never be shared; the root user should be protected with MFA and used only for tasks that require it
  • A single shared password gives no accountability for who did what

Each intern therefore gets their own IAM user. To make signing in easier, I also created an account alias.

An account alias:

  • Replaces the 12-digit account ID in the console sign-in URL with a memorable name (https://<alias>.signin.aws.amazon.com/console)
  • Must be unique across all AWS accounts, so it doubles as a readable label for the account
  • Is a usability feature, not a secret: the account ID is still visible in ARNs and in the console

Interns sign in at the alias URL; what they can do once signed in is decided by the policy attached to their group, not by the alias.


Step 5: Creating IAM Users

I then created IAM users to represent the interns.

During user creation:

  • The administrator chooses the username and enables console access
  • Each user is added to the intern group and inherits that group's policies
  • AWS can generate the initial console password; the option to require a new password at next sign-in should be left enabled

The initial password is handed to each intern over a secure channel, and they should enable MFA the first time they sign in.


Step 6: Logging in as an Intern

Using:

  • The account alias
  • The generated username and password

The interns can:

  • Log in to the AWS Management Console
  • Act only on the EC2 instances their group's policy permits
  • Perform development-related tasks without risking production resources

Key Learnings from This Project

  • IAM is the foundation of AWS security
  • Never give users full access when limited access is sufficient
  • Policies control what users can do
  • Groups simplify permission management
  • Account aliases make the sign-in URL easier to share; the actual protection comes from the policies
  • Tags play a major role in access control and environment separation

Final Thoughts

This project gave me a practical understanding of how organizations manage access in AWS. Instead of everyone having full control, IAM ensures that:

  • The right people have the right access
  • Production systems remain protected
  • Security scales with team size

It was a great introduction to cloud security best practices, and it clearly showed why IAM is one of the most important services in AWS.

Looking forward to learning more and building deeper security-focused projects.

Thanks to the NextWork community for the project resources and guidance.
