Day 2: Identity and Access Management (IAM)
Today I learned about IAM.
IAM is the AWS service that controls who can sign in to the AWS console or call the AWS APIs, and which services and actions they are allowed to use. It is global (not tied to a region) and free of charge. Its primary functions are creating users, granting those users permissions through policies, organizing users into groups, and creating roles, so that access to AWS resources is managed in one place.
The root account has unrestricted access to everything in the account, so it must be protected with MFA (multi-factor authentication) and should not be used for day-to-day work. Instead, create a user with administrator access in IAM (and enable MFA on that user too) and use it for routine administration. Keeping the root credentials out of daily use protects the account: a compromised administrator user can be disabled or have its permissions reduced, whereas root access cannot be limited by any IAM policy.
Let’s look at what users, groups, and roles in IAM are mostly used for.
A user is an identity for a single person or application that needs to interact with AWS. Create one user per person (never share a user between people, so that every action can be traced back to an individual) and grant it the least privilege: only the permissions that user needs to do their job, nothing more.
Now I’m going to show you how to create a user in the AWS console.
First, sign in to the AWS console and open the IAM console; then click the Create user button on the right.
Then you will get a screen like this. Fill in the required details and click Next.
You will now see the permission options; we will examine each of them in future posts. For now, select Attach policies directly, pick the AWS-managed AdministratorAccess policy, and create the user. You have now created a user with administrator privileges. Remember that this user is the replacement for working as root; any other user you create should get only the permissions it actually needs.
Okay, now let’s talk about groups.
A group is simply a collection of users, and it is the level at which permissions should be managed: policies attached to a group apply to every user in it, a user can belong to several groups, and groups cannot contain other groups. This is the best practice for provisioning permissions: create a group with the required policies and add users to it, rather than attaching policies to each user individually. When someone joins or leaves a team you then only change group membership, and everyone doing the same job is guaranteed to have the same permissions.
Let’s see how to create a group.
First, open the IAM service and select User groups; from there, click Create group. A page like this appears; enter the required details and attach the permission policies to the group.
After opening the newly created group and adding users to it, we can now easily give administrator access to a user: anyone added to the group inherits the group’s policies.
Now the last topic is “Roles.”
An IAM role defines a set of permissions that determine what actions an entity can perform on specific AWS resources, but unlike a user it has no password or long-term access keys. A role is assumed by whoever its trust policy allows (an AWS service such as EC2, a user, or another account), and the assumer receives temporary credentials. Once a role is created, AWS assigns it a unique ARN (Amazon Resource Name), which is how the role is referenced, for example when allowing someone to assume it.
If roles aren’t fully clear yet, we will do some hands-on work with them in the future, at which point things should fall into place. For now, the key idea is that a role lets you give a service permission to access only the specific services it needs, instead of giving it access to all of your resources.
Now I’m going to show you how to create a role. First, open the IAM service, click Roles, then click the Create role button.
After that, you will have a lot of options. For now, our goal is to create a role for an EC2 instance and give it permission to access the S3 service only.
For that, choose AWS service and EC2 as the trusted entity, then provide the required details and attach an S3 permission policy.
Now you can attach this role to any EC2 instance (through its instance profile) to limit what the instance can do: code on the instance obtains temporary credentials for the role automatically, so no access keys have to be stored on the machine. That’s all I have learned today, and I’d like to share it with you all.
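The three ideas from today (a least-privilege policy on a user, permissions inherited through group membership, and a role that an EC2 instance can assume to reach S3 only) can be modelled in a few lines of Python. The code below is an added example written for this post, not AWS code and not the AWS SDK; it implements a simplified version of the documented IAM evaluation order (an explicit Deny wins, otherwise an Allow is required, otherwise the request is implicitly denied) and ignores conditions, NotAction and resource-based policies. The user names, group names, the bucket `example-reports` and the role name `ec2-reports-reader` are made up for the example.

```python
"""Toy IAM evaluator for users, groups and roles (added example, not AWS code)."""
from fnmatch import fnmatchcase


def _as_list(value):
    """IAM allows a string or a list in Action/Resource/Principal fields."""
    return value if isinstance(value, list) else [value]


def evaluate(policies, action, resource):
    """Return 'Allow' or 'Deny' for one request over a list of policy documents.

    Actions are case-insensitive and may contain '*' wildcards ("s3:Get*");
    resources are ARNs, also matched with '*'. Explicit Deny beats any Allow.
    """
    decision = "Deny"  # implicit deny unless some statement allows the request
    for doc in policies:
        for stmt in _as_list(doc["Statement"]):
            actions = [a.lower() for a in _as_list(stmt["Action"])]
            resources = _as_list(stmt["Resource"])
            if not any(fnmatchcase(action.lower(), a) for a in actions):
                continue
            if not any(fnmatchcase(resource, r) for r in resources):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"  # explicit deny overrides everything
            decision = "Allow"
    return decision


# Same shape as the AWS-managed AdministratorAccess policy: everything, everywhere.
ADMINISTRATOR_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Constructed least-privilege policy: read one bucket and nothing else.
S3_READ_REPORTS = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-reports",
                     "arn:aws:s3:::example-reports/*"],
    }],
}

# Constructed guard-rail policy: an explicit Deny on deletes.
DENY_S3_DELETE = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Deny", "Action": "s3:Delete*", "Resource": "*"}],
}

# Groups carry the policies; users only carry group membership (made-up names).
GROUPS = {
    "Admins": [ADMINISTRATOR_ACCESS],
    "Analysts": [S3_READ_REPORTS, DENY_S3_DELETE],
}
USER_GROUPS = {"alice": ["Admins"], "bob": ["Analysts"]}


def effective_policies(user):
    """All policies a user inherits from the groups it belongs to."""
    return [p for group in USER_GROUPS.get(user, []) for p in GROUPS[group]]


def user_allowed(user, action, resource):
    return evaluate(effective_policies(user), action, resource) == "Allow"


# A role has two policies: the trust policy (who may assume it) and the
# permissions policy (what the assumer can then do). Role name is made up.
EC2_S3_ROLE = {
    "RoleName": "ec2-reports-reader",
    "AssumeRolePolicyDocument": {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    },
    "Policies": [S3_READ_REPORTS],
}


def can_assume(role, service):
    """True if the role's trust policy lets this AWS service principal assume it."""
    for stmt in _as_list(role["AssumeRolePolicyDocument"]["Statement"]):
        principals = _as_list(stmt.get("Principal", {}).get("Service", []))
        if (stmt["Effect"] == "Allow"
                and "sts:AssumeRole" in _as_list(stmt["Action"])
                and service in principals):
            return True
    return False


def role_allowed(role, service, action, resource):
    """A request from the service succeeds only if it may assume the role
    AND the role's permissions policy allows the action on the resource."""
    return (can_assume(role, service)
            and evaluate(role["Policies"], action, resource) == "Allow")


if __name__ == "__main__":
    obj = "arn:aws:s3:::example-reports/q1.csv"
    print("bob reads report:", user_allowed("bob", "s3:GetObject", obj))
    print("bob deletes report:", user_allowed("bob", "s3:DeleteObject", obj))
    print("EC2 via role reads report:",
          role_allowed(EC2_S3_ROLE, "ec2.amazonaws.com", "s3:GetObject", obj))
    print("EC2 via role lists instances:",
          role_allowed(EC2_S3_ROLE, "ec2.amazonaws.com", "ec2:DescribeInstances", "*"))
```

Two things to notice when you run it: combining `ADMINISTRATOR_ACCESS` with `DENY_S3_DELETE` still yields Deny for a delete, which is why an explicit Deny is the right tool for a guard rail, and the EC2 role is refused both for actions outside S3 and for any service other than `ec2.amazonaws.com`, because the trust policy and the permissions policy are checked independently.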
For more content, just click the “Follow” button to get regular updates.