AWS - Identity and Access Management
Whenever you want to keep your data in someone else’s place, the primary thing you are concerned about is the security and privacy of your data. In AWS, we have one of the most widely used, trusted and core services for user management are AWS IAM.
AWS Identity and Access Management (IAM) is a web service for securely controlling access to AWS services. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users and applications can access.
We should be aware of some of the key services under IAM such as Users, Roles, Policies, Key rotation, and few others.
Users - AWS IAM User is an entity that you create in AWS to represent the person or application that uses it to interact with AWS.
Roles - An IAM role is an entity with permissions to make AWS service requests. Roles are attached to AWS users say in account A through which they can access another account B or Roles are attached to AWS Services such as EC2 so that they can call (API calls)another service say S3.
Policies - Roles are to access another account or service whereas, Policies are the permissions associated with a user. When a user tries to perform any action in any other account or service AWS evaluates the attached Policies and determines whether the request is allowed or not.
Policies can be selected from the ready template available in IAM or can be defined using Visual editor or JSON.
While defining an IAM Policy through a visual editor you will choose Service, allowed action to perform, Resources who can perform this action, and Request condition. Another method that is using JSON you will define the policy.
Best Practices in AWS IAM -
1. Do not use Root User to perform daily activities in your AWS environment, root user has full privileges by default so always create IAM Users and attach Roles and Policies based on the requirements through which you will make sure none of the users can perform unwanted actions.
2. Enable strong passwords, password rotation policies, and Multi-factor authentication in order to keep your account more secure.
3. Delete the root access key for the root user as soon the user is created, for the users who do not require console access can be granted with only CLI access by providing them Access key id and secret access key.
4. Always create a Group for users having similar roles and permissions so can easily manage multiple users via Group.
CLI Commands for AWS IAM:
- Create IAM User - “aws iam create-user --user-name xyz”
2. Create Access Key- “aws iam create-access-key --user-name xyz”
3. List AWS IAM Users - “aws iam list-users”
Please refer to the official documentation on AWS IAM from Amazon in this link “https://docs.aws.amazon.com/iam/”
AWS CLI reference “https://docs.aws.amazon.com/cli/latest/reference/iam/”
Get your hands dirty by doing all the above learnings hands-on in your own AWS free tier account by referring to the below videos.
Knowledge credits: AWS official blog.
Video credits: KnowledgeIndia AWS YouTube videos.
“Don’t be afraid of the space between your dreams and reality. If you can dream it, you can make it so.” - Belva Davis
I am happy to hear your feedback, suggestions, requests on any topics in my coming blogs.
LEARN and BE CURIOUS!!!!!
Happy Learning,
Yogendra
