AWS IAM (AWS Identity and Access Management)

AWS Identity and Access Management (IAM) enables the user to manage access to AWS resources and services securely. Using IAM, you can create and manage AWS group and users, and use permissions to allow and deny their access to AWS resources.

What is IAM?

IAM stands for Identity Access Management

IAM used to set users, roles, and permission. It allows you to grant access to the different services of the AWS platform

AWS Identity and Access Management (IAM) is a web service that enables Amazon Web Services (AWS) customers to manage user permissions and users in AWS.

Organizations can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access with IAM.

Features of IAM

Centralized control of your AWS account

Shared Access to your AWS account

Granular permissions

Identity Federation

Multifactor Authentication

Permissions based on Organizational groups

Networking controls

Provide temporary access for devices/users and services where necessary

Integrates with many different aws services

Supports PCI DSS Compliance

Eventually Consistent

Free to use

IAM Identities

IAM identities are categorized as given below:

IAM Users

IAM Groups

IAM Roles

How IAM works?

IAM helps in creating Permission and roles:

AWS IAM allows us to do:

Manage IAM users and their access

Manage IAM roles and their permission

Manage federated users and their permission

AWS has a list of best practices to help developers and IT professionals

Manage access to AWS resources.

Users – Create individual users.

Groups – Manage permissions with groups.

Permissions – Grant least privilege.

Auditing – Turn on AWS CloudTrail.

Password – Configure a strong password policy.

MFA – Enable MFA for privileged users.

Roles – Use IAM roles for EC2 instances.

Sharing – Use IAM roles to share access.

Rotate – Rotate security credentials regularly.

Conditions – Restrict privileged access further with conditions.

Root – Reduce or remove the use of root.

AWS IAM Features

Enhanced security:

IAM enables security best practices by allowing you to grant unique security credentials to groups and users to specify which resources and AWS service APIs they can access.

IAM is secure by default; users have no access to AWS resources and services until permissions are explicitly granted.

Granular control

IAM provides the granularity to control a user’s access to specific AWS resources and services using permissions.

For example, reading the contents of an Amazon S3 bucket or terminating EC2 instances

Temporary credentials

In addition to defining access permissions directly to groups and users, IAM also allows us to create roles.

Roles allow you to authenticated users or EC2 instances assume them, increasing your security posture and to define a set of permissions by granting temporary access to the resources you define.

Seamlessly integrated into AWS services

IAM is integrated into most of the AWS services. This gives the ability to define access controls from one place in the Management Console that will effect throughout your AWS environment

Flexible security credential management

IAM allows you to authenticate users in many ways, depending on how they want to use AWS services.

You can assign a range of security credentials including key pairs, passwords, and X.509 certificates. You can also assign using multi-factor authentication (MFA) on users who access the AWS Management Console or use APIs.

Apponix Technologies offers best and real time AWS Training in Bangalore

Related posts: