AWS: Identity & Access Management
Amazon Web Services (AWS) cloud provides users with a very secure virtual platform on which to deploy their applications. It offers stronger data protection than an on-premise environment, at a lower cost. Among the various AWS security services, Identity and Access Management (IAM) is the most widely used. It lets us securely control users' access to AWS resources and services. It also lets us create and manage AWS users and groups, and assign the permissions that allow or deny access to AWS resources.
Features of IAM
Centralised control of your AWS account: You can control the creation, rotation, and cancellation of each user's security credentials, and also control which data in the AWS account users can access and how they access it.
Shared access to AWS account: Users can share resources for collaborative projects without sharing credentials.
Granular permissions: Permissions can be set so that a user can use a particular service but not other services.
Identity Federation: Identity federation means that you can use Facebook, Active Directory, LinkedIn, etc. with IAM. Users can log in to the AWS Console with the same username and password they use for Active Directory, Facebook, etc.
Multi-Factor Authentication: AWS provides multi-factor authentication, with which you need to enter a username, a password, and a security code to log in to the AWS Management Console.
Permissions based on organizational groups: Users' AWS access can be restricted based on their job roles, for example admin, developer, etc.
Networking controls: IAM helps us ensure that users can access AWS resources only from within the organization's corporate network.
Access for users/devices and services as necessary: For example, a mobile app that stores data in your AWS account should do so using temporary access credentials.
Integrates with many different AWS services: IAM can be integrated with many other AWS services.
Supports PCI DSS compliance: PCI DSS (Payment Card Industry Data Security Standard) is a compliance framework. If you handle credit card information, you are required to comply with this framework.
Free to use: AWS IAM is a feature of an AWS account and is free of cost. You are charged only when you access other AWS services using an IAM user.
IAM Set-Up (step by step)
⦁ Log in to your AWS account with root credentials.
⦁ The Management Console will come up; click on IAM on the Dashboard, or navigate to Services - IAM.
⦁ Click on Users in the Navigation Panel (left-hand side).
⦁ Click on Add user.
⦁ Give a User name, check the AWS Management Console access checkbox, click on Custom password, give a new password (which will be changed during sign-in) & click on Next: Permissions.
⦁ Click on Add user to group & click on Create group.
⦁ Give a Group name, click on Filter policies & check the AWS managed: job function checkbox.
⦁ Check the AdministratorAccess checkbox & click on Create group.
⦁ You can add tags; this is optional.
⦁ Review & click on Create user.
⦁ Success. Click on the blue sign-in link.
⦁ Give the IAM user name & password & sign in.
⦁ Give a new password & click Confirm password change.
⦁ A new IAM user is created.
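The "Granular permissions" feature above and the AdministratorAccess policy attached to the group in this walkthrough both come down to how IAM evaluates policy statements: every request is denied by default, an Allow statement grants it, and an explicit Deny overrides any Allow. The following added example (not AWS's evaluator, and not code from the original page) implements that core rule over the AdministratorAccess document and a constructed S3 read-only policy; the bucket names and the `is_allowed` function are assumptions for illustration.

```python
"""Simplified IAM policy evaluation: default deny, Allow grants, explicit Deny wins.
This is an added illustration, not AWS's own engine, which also weighs conditions,
SCPs, permission boundaries, session policies and resource-based policies."""
import fnmatch

# The AWS-managed AdministratorAccess document attached to the group in the walkthrough.
ADMINISTRATOR_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Constructed granular policy: S3 read-only, with an explicit Deny on one bucket
# (bucket names are made up for this example).
S3_READ_ONLY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "*"},
        {"Effect": "Deny", "Action": "s3:*", "Resource": "arn:aws:s3:::finance-reports/*"},
    ],
}


def _as_list(value):
    """Action and Resource may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def is_allowed(policies, action, resource):
    """Return True only if some statement allows the request and no statement denies it.

    Action matching is case-insensitive and resource (ARN) matching is case-sensitive,
    mirroring IAM; '*' and '?' in a statement act as wildcards.
    """
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            action_hit = any(fnmatch.fnmatchcase(action.lower(), p.lower())
                             for p in _as_list(stmt["Action"]))
            resource_hit = any(fnmatch.fnmatchcase(resource, p)
                               for p in _as_list(stmt["Resource"]))
            if not (action_hit and resource_hit):
                continue
            if stmt["Effect"] == "Deny":
                return False  # explicit Deny overrides every Allow, even AdministratorAccess
            allowed = True
    return allowed  # False when nothing matched: the default deny


if __name__ == "__main__":
    print(is_allowed([ADMINISTRATOR_ACCESS], "iam:CreateUser", "*"))                      # True
    print(is_allowed([S3_READ_ONLY], "s3:PutObject", "arn:aws:s3:::public-assets/a.txt"))  # False
```

Attaching both documents to one principal shows why a scoped Deny is the safer guard rail: the admin Allow still cannot read the finance bucket.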