Hey do you know how authorization and authentication works in AWS. It is a first step to ensure control access to resources and actions that you can perform daily without using root user. Lets understand this concept with the help of example - Imagine you have a bank account in XYZ bank and that bank has different services available like withdrawing money, money deposit, account opening, service desk to help customers according to their needs. Suppose someone wants to enter a bank to make use of these services, he first needs to authenticate himself by showing valid ID that includes credentials. Then, he will be authorised to use services depending on permissions granted to him.
This same scenario works in AWS Cloud also by making use of IAM service that has features like Users, Groups, Policies, Roles to manage access and grant permissions to do activity with services like EC2, S3, Database, ECS etc. Lets understand each one of these features-
Users: It allows root user to add different users requesting access to AWS Console and services.
Policies: It gives permissions to users to perform operations on service like launching EC2 instance, creating S3 buckets and many more.
Groups: It helps in grouping same users into one group like group of developers, group of testers to attach policies directly to group instead of individual user.
Roles: Roles helps in establishing communication between services available outside with AWS or between two AWS accounts.
Step-1: Login to AWS console and search IAM.
Step-2: Under IAM Users click on create user. Enter user name like test-user-303 and check boxes as shown below.
Step-3: Click Next and attach policies that you want to allow this test-user-303 to access. for example- giving EC2 full access.
Step-4: Click next and then click on create user at bottom. You will see console sign in details that you can use to login as IAM user and you have set up a IAM user.
Now you can create as many users and put them under one group to save time of attaching policies one by one.
Top comments (0)