IAM in AWS
A Guide to Managing Access in AWS
AWS Identity and Access Management (IAM) is a service that helps you securely control access to AWS services and resources by authenticating and authorizing users.
This blog will guide you through the basic concepts of IAM and the steps to create IAM users and groups.
IAM mainly have 3 main concepts
IAM Users
IAM user is a sub-user of root account of AWS. These users can be created by using the root account or by the IAM user account which has the permission to manage IAM users.
IAM Roles
These are the different kind of operations that can be done in AWS. We have some of the pre-defined roles in AWS which are already defined and most used roles.
IAM Policies
These are the set of permissions to specify up to which level a user can access AWS service.
In general in any organization it is not possible to manually create users and attach policies to each user as large number of users enter and leave the organizations every day. So, as the best practice it is better to create the user group and attach policies to the each group according to their roles in an organization and whenever a new user joins the organization, Devops engineers will create a new user and they simply throw that users into their corresponding group.
Creating a new IAM user and adding them to IAM group
Firstly go to User groups in IAM dashboard left navigation menu.
Then, choose desired group name and add the required policies and we can also directly add the users to the group from here itself.
After configuring them click Create user group. This creates a new User group.
Then go to Users section and click on Create user,
Specify username and check on provide user access to AWS console if necessary and click on I want to create IAM user and select password type and click next.
Select the IAM user group into which you want to add this user and click next.
Review your IAM user details and click on create user.
This creates a new IAM user for your root account. Once the user is created you can download your IAM credentials and mail them to your employee.
Login to the IAM User account
Go to aws.amazon.com through your browser and click on sign in to the console and select the IAM user.
And then give your account ID, user name and password that you received and click on sign in.
When logged in for the first time, it asks you to change your password as it was mentioned to ask so, while creating a user itself.
Choose your password and click on confirm password change. It updates your password and redirects you to console of your IAM account.
In conclusion, AWS IAM is a powerful service that helps manage access to AWS resources securely. By understanding the fundamental concepts of IAM Users, Roles, and Policies, organizations can streamline user management and enhance security. Implementing best practices such as using IAM groups to manage permissions simplifies the process, especially in large organizations. By following the steps outlined, creating and managing IAM users and groups becomes a straightforward task, ensuring that your organization’s AWS environment is both secure and efficiently managed.
