Introduction to AWS Identity and Access Management (IAM)

By Vinay Badgujar
AWS IAM

IAM stands for Identity and Access Management. It is one of the core services of AWS: with IAM you control which users and which services may access the resources in your AWS account. IAM is a global service. Unlike EC2, RDS or Lambda, which are bound to a specific region, IAM has no region selector in the console, because identities, groups, roles and policies apply across every region of the account.

IAM Users

Whenever you create an AWS account, a root account is created with it. The root account holds every privilege in the account, which is why AWS recommends not using it for day-to-day work and never sharing it with anyone in your organization; instead, create IAM users. Every IAM user belongs to exactly one AWS account, because IAM users are created within that account.

Any user you create in AWS other than the root user is an IAM user, and you can permit that user to access only the services it actually needs. AWS can be used through the AWS Management Console or the AWS Command Line Interface (CLI). An IAM user has a name and a password for console access; for CLI access you have to create access keys for that user.

IAM Groups

IAM users can be organized into groups. Instead of granting each user permission to a service separately, you put the users in a group and attach the permission to the group; it then applies to every IAM user in that group. A group can contain only IAM users, not other groups. One IAM user can be a member of multiple IAM groups.

IAM Permission and Policies

You attach JSON-based policies to IAM users and groups to define their permissions in AWS. To grant access to one particular service you can attach the AWS managed policy for that service to the user, or you can write your own policy with exactly the permissions you choose and attach it to a user or group, after which that user or group can use the service. AWS recommends working with least-privilege access: grant only the permissions that user needs, and nothing extra.

IAM Roles

An IAM role is an identity with a defined set of permissions that is used to grant access between services or resources. It is particularly valuable when one AWS service or application needs to call another without sharing long-lived credentials such as passwords or access keys. For instance, if you have a Lambda function responsible for starting and stopping EC2 instances, you create an IAM role with those EC2 permissions and assign it to the function. The function then acts under the role's temporary credentials, which is how Lambda and EC2, two separate services that cannot access each other directly, interact securely.

In short, roles are "delegation" and policies are "permission".
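To make the evaluation rules behind the groups, policies and roles sections concrete, here is a small Python model of how IAM combines them. It is an added example, not code from the post or from AWS: the account id `123456789012`, the `app-logs` bucket, the users `alice` and `bob`, the `Developers` and `Ops` groups and the Lambda role are all constructed sample data. It implements the part of IAM's evaluation logic the post describes (a user's effective policies are its own plus its groups', an explicit `Deny` beats any `Allow`, and anything no statement matches is implicitly denied), checks a role's trust policy to see which service may assume it, and flags `Allow` statements that grant a whole service, which is the usual sign that a policy is wider than least privilege. Conditions, resource policies and permission boundaries are not modelled.

```python
import re

# ---- Constructed sample data (not from the post; the account id is a placeholder) ----
ACCOUNT = "123456789012"
LOG_BUCKET = "arn:aws:s3:::app-logs"

# Policy attached to the "Developers" group: broad S3 access to one bucket, but an
# explicit Deny on deletes. "s3:*" is deliberately wider than a least-privilege policy.
DEVELOPERS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": [LOG_BUCKET, LOG_BUCKET + "/*"]},
        {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"},
    ],
}

# Policy attached to the "Ops" group: read-only EC2 describes (Describe* has no resource ARN).
OPS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}],
}

GROUP_POLICIES = {"Developers": [DEVELOPERS_POLICY], "Ops": [OPS_POLICY]}
USER_POLICIES = {}  # no policies attached directly to users in this sample
MEMBERSHIP = {"alice": ["Developers", "Ops"], "bob": []}

# Role for the post's Lambda-starts-and-stops-EC2 example. The trust policy says WHO may
# assume the role (delegation); the permission policy says WHAT it may do (permission).
LAMBDA_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"},
                   "Action": "sts:AssumeRole"}],
}
LAMBDA_ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["ec2:StartInstances", "ec2:StopInstances"],
                   "Resource": f"arn:aws:ec2:us-east-1:{ACCOUNT}:instance/*"}],
}


def _as_list(value):
    """IAM allows a single string or a list in Action, Resource and Statement fields."""
    return value if isinstance(value, list) else [value]


def wildcard_match(pattern, value, ignore_case=False):
    """IAM-style matching: '*' matches any run of characters, '?' exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None


def evaluate(policies, action, resource):
    """Simplified identity-policy evaluation: an explicit Deny wins over any Allow, and a
    request matched by no statement is implicitly denied. Action names are case-insensitive,
    resource ARNs are case-sensitive, as in IAM."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not any(wildcard_match(a, action, True) for a in _as_list(stmt.get("Action", []))):
                continue
            if not any(wildcard_match(r, resource) for r in _as_list(stmt.get("Resource", []))):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"
            allowed = True
    return "Allow" if allowed else "Deny"


def policies_for(user):
    """Effective policy set = policies on the user plus policies on every group it belongs to."""
    policies = list(USER_POLICIES.get(user, []))
    for group in MEMBERSHIP.get(user, []):
        policies.extend(GROUP_POLICIES.get(group, []))
    return policies


def is_allowed(user, action, resource="*"):
    return evaluate(policies_for(user), action, resource) == "Allow"


def can_assume(trust_policy, service):
    """True if the trust policy lets the given service principal call sts:AssumeRole."""
    for stmt in _as_list(trust_policy["Statement"]):
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if (stmt["Effect"] == "Allow"
                and "sts:AssumeRole" in _as_list(stmt["Action"])
                and service in services):
            return True
    return False


def least_privilege_findings(policy):
    """Return Allow actions that grant a whole service ('s3:*') or everything ('*')."""
    return [a for stmt in _as_list(policy["Statement"]) if stmt["Effect"] == "Allow"
            for a in _as_list(stmt["Action"]) if a == "*" or a.endswith(":*")]


if __name__ == "__main__":
    obj = LOG_BUCKET + "/2024/app.log"
    print("alice GetObject   :", is_allowed("alice", "s3:GetObject", obj))      # True  (Developers)
    print("alice DeleteObject:", is_allowed("alice", "s3:DeleteObject", obj))   # False (explicit Deny)
    print("bob   GetObject   :", is_allowed("bob", "s3:GetObject", obj))        # False (implicit Deny)
    print("lambda can assume :", can_assume(LAMBDA_TRUST_POLICY, "lambda.amazonaws.com"))  # True
    print("findings          :", least_privilege_findings(DEVELOPERS_POLICY))   # ['s3:*']
```

Run it as a script and the output shows the three outcomes the post describes: a group grant reaching a user, an explicit `Deny` overriding that grant, and a user with no policies getting nothing. The `least_privilege_findings` check is the kind of review worth running on any hand-written policy before attaching it: `s3:*` on the developers' policy is flagged, while the role policy, which lists only the two EC2 actions the Lambda function needs, comes back clean.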

See the IAM reference documentation provided by AWS for the full details.

That's All ... see you in the next reading :)

Thank you!