AWS Identity and Access Management (IAM) enables the user to manage access to AWS resources and services securely. Using IAM, you can create and manage AWS group and users, and use permissions to allow and deny their access to AWS resources.
What is IAM?
- IAM stands for Identity Access Management
- IAM used to set users, roles, and permission. It allows you to grant access to the different services of the AWS platform
- AWS Identity and Access Management (IAM) is a web service that enables Amazon Web Services (AWS) customers to manage user permissions and users in AWS.
- Organizations can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access with IAM.
Features of IAM
- Centralized control of your AWS account
- Shared Access to your AWS account
- Granular permissions
- Identity Federation
- Multifactor Authentication
- Permissions based on Organizational groups
- Networking controls
- Provide temporary access for devices/users and services where necessary
- Integrates with many different aws services
- Supports PCI DSS Compliance
- Eventually Consistent
- Free to use
IAM identities are categorized as given below:
- IAM Users
- IAM Groups
- IAM Roles
How IAM works?
IAM helps in creating Permission and roles:
AWS IAM allows us to do:
- Manage IAM users and their access
- Manage IAM roles and their permission
- Manage federated users and their permission
- AWS has a list of best practices to help developers and IT professionals
- Manage access to AWS resources.
- Users – Create individual users.
- Groups – Manage permissions with groups.
- Permissions – Grant least privilege.
- Auditing – Turn on AWS CloudTrail.
- Password – Configure a strong password policy.
- MFA – Enable MFA for privileged users.
- Roles – Use IAM roles for EC2 instances.
- Sharing – Use IAM roles to share access.
- Rotate – Rotate security credentials regularly.
- Conditions – Restrict privileged access further with conditions.
- Root – Reduce or remove the use of root.
AWS IAM Features
- IAM enables security best practices by allowing you to grant unique security credentials to groups and users to specify which resources and AWS service APIs they can access.
- IAM is secure by default; users have no access to AWS resources and services until permissions are explicitly granted.
- IAM provides the granularity to control a user’s access to specific AWS resources and services using permissions.
- For example, reading the contents of an Amazon S3 bucket or terminating EC2 instances
- In addition to defining access permissions directly to groups and users, IAM also allows us to create roles.
- Roles allow you to authenticated users or EC2 instances assume them, increasing your security posture and to define a set of permissions by granting temporary access to the resources you define.
Seamlessly integrated into AWS services
- IAM is integrated into most of the AWS services. This gives the ability to define access controls from one place in the Management Console that will effect throughout your AWS environment
Flexible security credential management
- IAM allows you to authenticate users in many ways, depending on how they want to use AWS services.
- You can assign a range of security credentials including key pairs, passwords, and X.509 certificates. You can also assign using multi-factor authentication (MFA) on users who access the AWS Management Console or use APIs.
Apponix Technologies offers best and real time AWS Training in Bangalore