A demonstration of how to set up and configure IAM users, groups and roles, and the differences between them.
In AWS IAM, all three elements are treated as objects.
Users
A User object can represent a real person who needs access to operate and maintain the AWS environment, or who accesses AWS resources or services programmatically.
A user represents an identity that is used to authenticate to the AWS account.
Creating a User
Users can be created through the AWS Management Console, or programmatically via the AWS CLI, the IAM HTTP API, or the AWS Tools for Windows PowerShell.
- Choose a user name, which can be up to 64 characters long.
- Select the AWS access type:
Programmatic access:
Issues an access key ID and secret access key for use with the AWS CLI, API and SDKs.
AWS Management Console access:
Sets a password that lets the user sign in to the AWS Management Console.
- Set permissions for the user:
AWS offers three ways to grant a user permissions.
- Add the user to a group
Add the user to a user group; the permissions assigned to that group automatically apply to the user.
- Attach policies directly
The admin can attach existing policies to the user directly or create new ones.
- Adding tags is optional.
- Review the user.
- After the user has been created successfully, download the .csv file containing the access keys and password for the new user. This is the only time the secret access key can be downloaded, so store the file securely.
The admin can e-mail the sign-in details to the user via the Send email link.
Groups
-> Groups can contain only users, not other groups.
Creating a group for one or more users:
Provide the group name; if users already exist, they can be added to the group on the same screen, as shown below.
If the user does not exist yet when the group is created, the group can be specified later during user creation.
Policies can also be attached at the group level while creating the group, as per the screenshot below.
The group has been created; the list shows the number of users and the creation time.
Roles
Roles can be assumed by entities to obtain credentials.
Most commonly roles are created for AWS services; the common ones are roles for EC2 and Lambda.
We can create our own policy or select from existing policies. A role name and description have to be provided.
The JSON document for the role is defined in the format below.
Tags are optional.
The role has been created.
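As an added example (not part of the original post), the following Python builds the trust policy JSON document that an EC2 or Lambda role needs, runs a least-privilege check over it (flagging a wildcard Principal or non-STS actions), and produces the equivalent aws iam create-role command. The service-to-principal mapping and the check rules are my own assumptions for illustration.

```python
import json

# Service principals for the two role types the post mentions (assumed mapping).
SERVICE_PRINCIPALS = {
    "ec2": "ec2.amazonaws.com",
    "lambda": "lambda.amazonaws.com",
}


def trust_policy(service: str) -> dict:
    """Build the role trust (assume-role) policy document for an AWS service.

    This is the JSON document attached to a role so that the named service can
    call sts:AssumeRole and receive credentials for the role.
    """
    principal = SERVICE_PRINCIPALS[service]  # KeyError for unsupported services
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"Service": principal},
                "Action": "sts:AssumeRole",
            }
        ],
    }


def trust_policy_findings(doc: dict) -> list:
    """Return least-privilege findings for a trust policy (empty list = clean)."""
    findings = []
    for i, stmt in enumerate(doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        # A wildcard principal would let any AWS account assume the role.
        if principal == "*" or (isinstance(principal, dict) and "*" in principal.values()):
            findings.append(f"statement {i}: wildcard Principal")
        # A trust policy should only grant STS assume-role actions.
        for action in actions:
            if not action.startswith("sts:"):
                findings.append(f"statement {i}: non-STS action {action}")
    return findings


def create_role_command(role_name: str, service: str) -> str:
    """Return the AWS CLI command that creates the role with this trust policy."""
    doc = json.dumps(trust_policy(service), separators=(",", ":"))
    return f"aws iam create-role --role-name {role_name} --assume-role-policy-document '{doc}'"
```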