Shruti's Blog

Cloud Security with AWS IAM

Cloud Security with AWS IAM

Shruti Pawar's photo
Shruti Pawar
·

3 min read

Table of contents

What is AWS?

AWS is a Cloud Service Provider that enables on-demand services like compute, storage, networking, etc. which can be accessed through the internet and the user is not required to manage these resources.

Features-

image.png

image.png

image.png

image.png

image.png

image.png

Why Access Management?

AWS Identity and Access Management (IAM) provides fine-grained access control across all of AWS. With IAM, you can specify who can access which services and resources, and under which conditions. With IAM policies, you manage permissions to your workforce and systems to ensure least-privilege permissions.

# What is AWS IAM? It is security web service offered by AWS, to ensure that users get to access resources at appropriate level of permissions. It offers shared access, deals with user and group level accesses. It also controls centralized and granular level accesses.

image.png

Components of IAM?

Users

An IAM user is an identity with an associated credential and permissions attached to it. This could be an actual person who is a user, or it could be an application that is a user. With IAM, you can securely manage access to AWS services by creating an IAM user name for each employee in your organization. Each IAM user is associated with only one AWS account. By default, a newly created user is not authorized to perform any action in AWS. The advantage of having one-to-one user specification is that you can individually assign permissions to each user.

Groups

A collection of IAM users is an IAM group. You can use IAM groups to specify permissions for multiple users so that any permissions applied to the group are applied to the individual users in that group as well. Managing groups is quite easy. You set permissions for the group, and those permissions are automatically applied to all the users in the group. If you add another user to the group, the new user will automatically inherit all the policies and the permissions already assigned to that group. This lessens the administrative burden.

Policies

An IAM policy sets permission and controls access to AWS resources. Policies are stored in AWS as JSON documents. Permissions specify who has access to the resources and what actions they can perform. For example, a policy could allow an IAM user to access one of the buckets in Amazon S3. The policy would contain the following information:

Who can access it

What actions that user can take Which AWS resources that user can access When they can be accessed

Roles

An IAM role is a set of permissions that define what actions are allowed and denied by an entity in the AWS console. It is similar to a user in that it can be accessed by any type of entity (an individual or AWS service). Role permissions are temporary credentials.

For example, you might want to allow a mobile app to use AWS resources, but you do not want it to save the key, credential or password. Or you might want to give access to resources to a user who already has an identity defined outside of AWS, such as a user who already has Google or Facebook authentication. If you want to provide someone with a service or let someone access resources in your account, you can use roles for that purpose too. You also might want to grant temporary access to your account to a third party, such as a consultant or an auditor. They’re not permanent users, just users with temporary access to your environment.

AWSAWS IAMCloudCloud ComputingDevops