Day #3: What Is IAM?

AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.
IAM allows you to set up users, groups, permissions and roles, and lets you grant access to different parts of the AWS platform.
Identity and Access Management offers the following features:
- It gives you centralized control of your AWS account.
- It gives you shared access to your AWS account.
- It gives you granular permissions, meaning you can choose what access to give to which service.
- It also gives you multi-factor authentication. This means that when you log in to the management console you need a user name, a password and then a special code in order to log in. It also provides temporary access for users.
- It integrates with many different AWS services.
IAM Resources
- User
- Group
- Policies
- Roles

User:
These are simply end users, such as the people or employees of an organisation. We can give a user programmatic access and console access at creation time.

We can assign a user to a particular group or assign policies directly to the user.

After a user is created successfully, IAM provides an access key ID and a secret access key.
Note: These keys are shown one time only. Please download the CSV for future reference, or email it.

Group
This is a collection of users; each user in the group inherits the permissions of the group for as long as that user is a member of the group. We can also create a group and assign policies to the group.


Policy
Policies are made up of documents called policy documents. These documents are in JSON format and define what a user, group or role is able to do.
We can create policies through the visual editor or from a JSON file. The following policy, for example, grants read-only access to Lambda:


{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "lambda:GetLayerVersion",
        "lambda:GetEventSourceMapping",
        "lambda:GetFunction",
        "lambda:GetAccountSettings",
        "lambda:GetFunctionConfiguration",
        "lambda:GetLayerVersionByArn",
        "lambda:GetLayerVersionPolicy",
        "lambda:GetProvisionedConcurrencyConfig",
        "lambda:GetFunctionConcurrency",
        "lambda:ListTags",
        "lambda:GetFunctionEventInvokeConfig",
        "lambda:GetAlias",
        "lambda:GetPolicy"
      ],
      "Resource": "*"
    }
  ]
}
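To make the policy-document model concrete, here is an added example (not code from the original post or from AWS) of a small evaluator that applies the core identity-policy rules: everything is denied by default, an explicit Deny beats any Allow, and `*`/`?` wildcards are matched in Action and Resource. The sample policy, the account ID 111122223333 and the function ARNs are constructed for illustration; Conditions, NotAction/NotResource and Principal elements are deliberately left out.

```python
import fnmatch
import json

# Constructed sample policy (not from the post), modelled on the read-only
# Lambda policy above, with an explicit Deny added to show precedence.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ReadLambda", "Effect": "Allow",
     "Action": ["lambda:Get*", "lambda:ListTags"],
     "Resource": "*"},
    {"Sid": "DenyProdFunction", "Effect": "Deny",
     "Action": "lambda:GetFunction",
     "Resource": "arn:aws:lambda:us-east-1:111122223333:function:prod-*"}
  ]
}
""")


def _as_list(value):
    """IAM accepts either a single string or a list for Action/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(patterns, candidate):
    # IAM wildcards: '*' matches any sequence, '?' a single character.
    # fnmatchcase gives exactly that; callers lower-case action names
    # because IAM action names are case-insensitive (ARNs are not).
    return any(fnmatch.fnmatchcase(candidate, p) for p in patterns)


def is_allowed(policy, action, resource):
    """Return True if this identity policy allows `action` on `resource`.

    Default deny; an explicit Deny statement that matches the request
    ends evaluation immediately; otherwise any matching Allow grants it.
    """
    allowed = False
    action_lc = action.lower()
    for stmt in policy["Statement"]:
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        resources = _as_list(stmt.get("Resource"))
        if not (_matches(actions, action_lc) and _matches(resources, resource)):
            continue
        if stmt["Effect"] == "Deny":
            return False  # explicit deny overrides every allow
        if stmt["Effect"] == "Allow":
            allowed = True
    return allowed


def lint_policy(policy):
    """Flag Allow statements a reviewer would question: service-wide or
    all-action wildcards, and the all-resource '*' the post's own policy uses."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if "*" in actions or any(a.endswith(":*") for a in actions):
            findings.append(f"{stmt.get('Sid')}: allows every action of a service")
        if "*" in resources:
            findings.append(f"{stmt.get('Sid')}: applies to every resource")
    return findings


if __name__ == "__main__":
    fn = "arn:aws:lambda:us-east-1:111122223333:function:"
    print(is_allowed(SAMPLE_POLICY, "lambda:GetFunction", fn + "dev-api"))     # True
    print(is_allowed(SAMPLE_POLICY, "lambda:GetFunction", fn + "prod-api"))    # False
    print(is_allowed(SAMPLE_POLICY, "lambda:DeleteFunction", fn + "dev-api"))  # False
    print(lint_policy(SAMPLE_POLICY))  # ['ReadLambda: applies to every resource']
```

Running `lint_policy` over the read-only Lambda policy shown above would produce the same "applies to every resource" finding, which is the usual prompt to narrow `Resource` to the specific function ARNs a user or role actually needs.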
Roles
A role is an IAM entity that defines a set of permissions for making AWS service requests. IAM roles are not associated with a specific user or group. Instead, trusted entities assume roles: IAM users, applications, or AWS services such as EC2.
When creating a role we choose the trusted entity or service that will consume the role, and attach the policies that grant its permissions.

