In this article, you’ll learn what AWS IAM is, which components it is built from, and which features it offers.
The Amazon Web Services (AWS) cloud gives users a managed environment in which to run their applications. AWS provides strong data protection controls, often at a lower cost than building the equivalent on-premises. AWS offers many kinds of security services, but one of the most widely used is Identity and Access Management (IAM).
AWS IAM lets you securely manage who (and what) can access your AWS services and resources. With IAM you create and manage AWS users and groups, and you use permissions, expressed as policies, to allow or deny access to AWS services.
What is AWS IAM?
AWS Identity and Access Management (IAM) is a web service for securely controlling access to AWS resources. It lets you create and manage identities (authentication) and attach permissions to them (authorization), so that only the principals you intend can use your AWS resources, and only in the ways you intend.
Components of IAM
IAM is built from a few fundamental components. First, there is the user, an identity with its own credentials; a group is a collection of users. Policies are JSON documents that state which actions are allowed or denied on which resources; IAM evaluates the policies attached to the requesting identity to decide whether each request is allowed or denied. Roles are identities with permissions that are not tied to one person; a user or an AWS service assumes a role and receives temporary credentials for it, for example so that an application running on an EC2 instance can call AWS APIs without a long-lived access key.
Users in AWS
An IAM user is an identity with associated credentials (a console password and/or access keys) and permissions. The user can represent a real person or an application or service that needs to call AWS APIs. By creating a separate IAM user for each person in your organization, you can manage access to AWS services per person and keep every action attributable to one identity.
Each IAM user belongs to exactly one AWS account. A newly created user has no permissions by default and cannot perform any AWS action until a policy allows it. The benefit of one identity per person is that permissions can be granted, audited and revoked for each user individually.
Groups in AWS
An IAM group is a collection of IAM users. Groups let you define permissions once for many users: any policy attached to the group applies to every user who is a member of it, and a user can belong to more than one group. Groups cannot be nested and cannot be used as credentials; they exist only to make managing permissions straightforward, so the recommended practice is to attach policies to groups and add users to groups rather than attaching policies to individual users.
Policies in AWS
Access to AWS resources is governed by IAM policies, which define permissions. A policy is a JSON document made up of one or more statements, and each statement specifies whether it allows or denies, which actions it covers, and which resources those actions may target. For example, a policy could grant an IAM user read access to one Amazon S3 bucket. A policy statement contains the following information:
- Effect: whether the statement allows or denies
- Action: which API actions the statement covers
- Resource: which AWS resources (by ARN) those actions may be performed on
- Condition (optional): the circumstances under which the statement applies, for example only from a given source IP range or only when the caller authenticated with MFA
- Principal: who the statement applies to; this appears only in resource-based policies (such as an S3 bucket policy) and in a role’s trust policy. For identity-based policies the “who” is determined by the user, group or role the policy is attached to.
Identity-based policies come in two forms: managed policies and inline policies.
- A managed policy is a stand-alone policy object with its own ARN that you can attach to multiple entities (users, groups and roles) in your account. AWS managed policies are created and maintained by AWS; customer managed policies are created and versioned by you. Because one managed policy can be attached to many entities, a change to it takes effect for all of them at once.
- An inline policy is a policy that you write directly into a single entity (a user, group or role). It has no ARN of its own, cannot be shared, and is deleted together with the entity it is embedded in.
Roles in AWS
An IAM role is an identity with a set of permissions that govern what actions are allowed and denied, but unlike a user it has no long-term credentials. A role has two policies: a trust policy that states which principals (IAM users, AWS services such as EC2 or Lambda, or identities in another account) are allowed to assume it, and permissions policies that state what the role can do once assumed. When a principal assumes the role, AWS Security Token Service (STS) issues temporary credentials that expire after a limited time, so role permissions are only ever used for a short period and nothing long-lived needs to be stored or rotated.
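To make the policy and role concepts above concrete, here is a small policy evaluator written for this article (it is an added example, not AWS code, and it is not how AWS evaluates policies internally). It implements the three rules that matter most when reading an identity-based policy: every request starts as an implicit deny, an explicit Deny always wins over any Allow, and otherwise a request is allowed only if some statement allows it. It also checks a role’s trust policy to decide whether a given principal may assume the role. The policy documents, bucket name and account ID are constructed for the example; conditions, NotAction, resource-based policies, permission boundaries and SCPs are left out.

```python
"""Minimal IAM-style policy evaluator (illustrative, not the AWS implementation).

Rules implemented:
  1. Implicit deny: with no matching statement the answer is Deny.
  2. Explicit deny wins: any matching Deny statement beats every Allow.
  3. Otherwise the request is allowed only if some statement allows it.
Action and Resource values are matched with IAM's "*" and "?" wildcards.
Action names are matched case-insensitively; resource ARNs are matched
case-sensitively. Conditions, NotAction, resource-based policies,
permission boundaries and SCPs are deliberately out of scope.
"""
from fnmatch import fnmatchcase


def _as_list(value):
    # IAM allows a single string or a list in most fields.
    return value if isinstance(value, list) else [value]


def _statement_matches(stmt, action, resource):
    """True if the statement covers this action on this resource."""
    actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
    resources = _as_list(stmt.get("Resource", []))
    return (any(fnmatchcase(action.lower(), a) for a in actions)
            and any(fnmatchcase(resource, r) for r in resources))


def evaluate(policies, action, resource):
    """Return 'Allow' or 'Deny' for one request against a list of policy documents."""
    allowed = False
    for doc in policies:
        for stmt in _as_list(doc["Statement"]):
            if not _statement_matches(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"          # explicit deny always wins
            allowed = True
    return "Allow" if allowed else "Deny"  # implicit deny unless allowed


def can_assume(trust_policy, principal_arn):
    """True if principal_arn is allowed to call sts:AssumeRole by this trust policy."""
    for stmt in _as_list(trust_policy["Statement"]):
        principals = _as_list(stmt.get("Principal", {}).get("AWS", []))
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if (stmt["Effect"] == "Allow"
                and principal_arn in principals
                and "sts:assumerole" in actions):
            return True
    return False


# Constructed sample documents; the bucket name and account ID are hypothetical.
READ_ONLY_BUCKET = {   # typical customer managed policy attached to a group
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
    }],
}
FULL_BUCKET = {        # broader policy that also allows deletes
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*",
                   "Resource": "arn:aws:s3:::example-bucket/*"}],
}
DENY_DELETE = {        # guard-rail policy: deny every s3:Delete* action anywhere
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Deny", "Action": "s3:Delete*", "Resource": "*"}],
}
TRUST_POLICY = {       # trust policy of a role that only user alice may assume
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:user/alice"},
        "Action": "sts:AssumeRole",
    }],
}

if __name__ == "__main__":
    obj = "arn:aws:s3:::example-bucket/report.csv"
    print(evaluate([READ_ONLY_BUCKET], "s3:GetObject", obj))               # Allow
    print(evaluate([READ_ONLY_BUCKET], "s3:PutObject", obj))               # Deny (implicit)
    print(evaluate([FULL_BUCKET], "s3:DeleteObject", obj))                 # Allow
    print(evaluate([FULL_BUCKET, DENY_DELETE], "s3:DeleteObject", obj))    # Deny (explicit wins)
    print(can_assume(TRUST_POLICY, "arn:aws:iam::111122223333:user/alice"))  # True
    print(can_assume(TRUST_POLICY, "arn:aws:iam::111122223333:user/bob"))    # False
```

The `FULL_BUCKET` plus `DENY_DELETE` case is the one worth remembering: attaching a broader Allow later, whether as a managed or an inline policy, never overrides an explicit Deny, which is why deny statements are the right tool for guard-rails that must hold across every entity in the account.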
Features of IAM
To review, here are some of the main features of IAM:
- Shared access to the AWS account: rather than sharing the root user’s credentials, IAM lets you give each person or workload its own identity with its own credentials and delegate only the access it needs.
- Granular permissions: policies let you restrict requests precisely. For example, you can allow a user to read an object but deny that same user the ability to modify or delete it.
- Multifactor authentication (MFA): IAM supports MFA, which requires a user to present a second factor in addition to their username and password, for example a one-time code generated by an authenticator app on their phone, or a hardware token or FIDO security key. A policy condition can also require that a request was made with MFA before allowing sensitive actions.
- Identity federation: if a user has already been authenticated elsewhere, such as through a corporate directory via SAML 2.0 or through a web identity provider such as Google, IAM can be configured to trust that identity provider and grant temporary AWS credentials based on it. This lets employees sign in to AWS with the same corporate credentials they already use on-premises instead of maintaining a separate IAM user and password.
- Free to use: IAM security does not come at an extra cost. There is no extra charge for adding more users, groups, or policies to your account.
- PCI DSS compliance: the Payment Card Industry Data Security Standard (PCI DSS) is a data security standard for businesses that handle branded credit cards from the major card schemes. IAM is included in the scope of AWS’s PCI DSS compliance, so it can be used in workloads that must meet that standard.
- Password policy: the IAM account password policy lets you set requirements for IAM user passwords, such as minimum length, required character types, a maximum password age after which the password must be rotated, and how many previous passwords a user is prevented from reusing. It does not provide account lockout after failed sign-in attempts; for that kind of protection, enforce MFA instead.