I am going to give a brief overview of the IAM role in AWS and of what Identity and Access Management (IAM) in AWS is.
So let’s get started.
AWS defines Identity and Access Management (AWS IAM) as a service that enables you to manage access to AWS services and resources securely.
Using IAM, you can create and manage AWS users and groups and use permissions to allow and deny their access to AWS resources.
IAM consists of:
- A root user
- Users
- Groups
- Roles
- Policies
Every account has exactly one root user.
By default, the root user:
- Has access to all services
- Can create users, groups, roles, and policies
- Can grant permissions (policies) to users, groups, and roles
IAM Features and Benefits
- Enhanced security
- Granular control
- Temporary credentials
- Federation with external identity providers (Facebook, Google)
- Integrated with every other AWS service
- Free: you pay only for the AWS services you use
AWS Free Account
You can create a free AWS account by using the below link:
You will need a credit or debit card to complete sign-up for an AWS account. You only need to pay Rs. 2/- for account verification.
IAM Role in AWS
- An individual or application that is granted access to AWS resources
- Individual security credentials:
  - Access keys
  - Passwords
- Similar to logging in to a work computer
- Has zero access to start with
What Is a User?
- Can be assigned:
  - To groups
  - Individual policies
  - Security credentials
How to Create a User
New user:
- User name: AppUser
- AWS access type:
  - AWS Management Console access
  - Console password: (custom password)
- Permissions:
  - Attach existing policies:
    - Search for: S3 (predefined policy)
    - Select AmazonS3FullAccess
    - Click on "Next"
Go to Services and select "IAM"; this opens the IAM dashboard console.
One interesting thing to note is that Amazon recommends a few things first.
Once you have created your free AWS account, the first thing you should do is go into Identity and Access Management and create a user that has access to all resources.
It is best practice never to use your root user account unless you absolutely have to.
The reason is that if someone gets hold of the root user's username and password they can do all sorts of damage, whereas if someone gets access to an ordinary user you can simply delete that user and create a new user and role.
The second thing is that new users have no permissions to anything to start with.
We can verify that by creating a user and then going into S3, for example.
Steps for Creating a User
- Click on "Users" on the left-hand side, then "Add user".
- Give the user a name and choose AWS Management Console access.
- Tick the "AWS Management Console access" check box to enable a password that allows the user to sign in to the AWS Management Console.
- Click on "Custom password" and type a password.
- Uncheck "Require password reset" and click "Next".
- Click on "Attach existing policies directly".
- Search for the desired policy, for example S3, and select "AmazonS3FullAccess".
- You can click the drop-down here to see the permissions that are granted under "AmazonS3FullAccess".
- Click on "Next: Review" to review the permissions summary.
- Click on "Create user".
- You can see the message that the user was created successfully, shown below.
- Copy the below link and paste it into a new tab.
- Sign in with the username and password you have created.
- You can see the username you logged in with in the top right corner.
Test the Permissions
Go to AWS Services and click on "S3". You will be able to open S3 successfully.
Try to create a bucket; you can, but you will not be able to access other services.
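To see concretely why the new user could do nothing before a policy was attached, and can open S3 but no other service after "AmazonS3FullAccess" is attached, here is an added Python example (not part of the original post, and not AWS code) that simulates the core IAM policy evaluation rules: everything is denied by default, an explicit Allow grants the action, and an explicit Deny always overrides an Allow. The policy document is a constructed approximation of the managed AmazonS3FullAccess policy (check the real one in the console drop-down), and resource ARNs and conditions are ignored, so the evaluator is for illustration only.

```python
"""Minimal simulation of IAM policy evaluation for the S3 permission test.

Assumptions (not from the page): only the basic IAM rules are modelled:
default deny, explicit Allow, explicit Deny overriding Allow, and '*'
wildcards in Action strings ("s3:*", "s3:Get*"). Resource and Condition
elements are ignored; NotAction is not handled.
"""
import fnmatch
import json

# Constructed approximation of the AWS managed policy AmazonS3FullAccess.
AMAZON_S3_FULL_ACCESS = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:*", "s3-object-lambda:*"], "Resource": "*"}
    ],
})

# Constructed inline policy used to show that an explicit Deny wins.
DENY_DELETE_BUCKET = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}
    ],
})


def _as_list(value):
    """IAM allows a single string or a list in Statement and Action."""
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    """Action matching is case-insensitive and supports '*' and '?'."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def is_allowed(action, policies):
    """Return True if `action` is allowed by the given policy documents.

    `policies` is an iterable of JSON strings (what the console shows when
    you expand a policy). An empty list models a freshly created user.
    """
    allowed = False
    for doc in policies:
        for stmt in _as_list(json.loads(doc)["Statement"]):
            patterns = _as_list(stmt.get("Action", []))
            if not any(_matches(p, action) for p in patterns):
                continue
            if stmt["Effect"] == "Deny":
                return False  # explicit Deny overrides any Allow
            allowed = True
    return allowed  # False unless some statement explicitly allowed it


def check_user(attached_policies, actions):
    """Map each action to its Allow/Deny decision for a user with these policies."""
    return {a: is_allowed(a, attached_policies) for a in actions}


if __name__ == "__main__":
    probe = ["s3:CreateBucket", "s3:ListAllMyBuckets",
             "ec2:DescribeInstances", "iam:CreateUser"]
    print("new user, no policies:      ", check_user([], probe))
    print("AppUser + AmazonS3FullAccess:", check_user([AMAZON_S3_FULL_ACCESS], probe))
    print("...plus an explicit Deny:    ",
          check_user([AMAZON_S3_FULL_ACCESS, DENY_DELETE_BUCKET], ["s3:DeleteBucket"]))
```

Running the block prints the decisions for a user with no policies (every action denied), for AppUser with the S3 policy (only s3:* actions allowed, so the bucket creation in the test above succeeds while EC2 and IAM calls do not), and for the same user with an additional Deny statement, which blocks s3:DeleteBucket even though s3:* allows it.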