IAM - Roles

IAM Roles

Roles in AWS has special meaning. With this functionality you can define different variety of roles and assign it users or your application/service can use them.

Roles are specifically important for AWS security. Because roles use temporary credentials with services. So that we don't need to use own permanent credentials to do some operations. If somehow hackers got access to AWS infrastructure they won't able to access our cached permanent  credentials.



Here are some of advantages of using roles :

  • Reduced Risk of Credential Exposure
  • Least Privilege Principle
  • Cross-Account Access 

Let's create a role and assign it to the user 


  1. Click to "IAM" , "Roles" and then "Create role" button. 

  2. We need ARN (we talked about this in the previous post) of the user. Copy 12 digit unique ID.

  3. During role creation select "AWS account" since we are planning to add this role to user. Enter the ID we got from previous step. This ID defines our user it is unique and allows us to specify this role to this specific user.


  4. Add permissions to this user, since I am planning to grant S3 bucket access to this user, I have added S3FullAccess permission to this role.


  5. Add description and name for this role.
  6. After creating the role it will be listed here.            
  7. In order to switch to this role, click the name of the role and copy the link.
  8. When you first open the link, will face with the error message. But why ?!
  9. Okay it might be little hard to understand but, when we create new user by default all the permissions linked to that user are disabled. So is the role related permissions. We need to grant another permission to our user, so that user can take that role.


  10. Navigate to the users section in IAM. Create a inline policy.
  11. Switch to JSON view and add the permission below to the test user.



  12. After that your test user will able to use this role.
















Comments

Post a Comment

Popular posts from this blog

Identity Access Management - How to create user in IAM ?!

Image
Introduction IAM stands for Identity and Access Management. IAM is essential component of AWS allows you to create and manage access of user, role, application and control authentication/authorization. There are 4 essential components of IAM :  Users - are individuals or applications want to access to your AWS resources. Groups - are collection of users. By this you can assign permissions to group instead individual users. Roles - are special access type in IAM that allows user/resource to access another resource via temporary credentials. For example EC2 instance can access to DynamoDB or S3 bucket resources without using permanent credentials. This is possible only via Role which is great security point of view. Policies - are JSON documents that define permissions. In policies we define what actions are allowed or should be denied. This can be attached to users, groups, roles. Hands on IAM exercises :  Login to your AWS account and search for IAM :  After clicking IAM icon, you wil
Read more

AWS pricing fundamentals

Image
When using Amazon Web Services (AWS), there are three primary factors that determine your costs: Compute : This includes the amount of resources such as CPU and RAM you use, as well as the duration for which you use them. Data Storage : The quantity of data stored or allocated. Outbound Data Transfer : The amount of data transferred out from all services. It's important to be cautious and monitor your usage to avoid unexpected costs. AWS Pricing Models On Demand (Pay as you Go) The On Demand model allows you to: Easily adapt to changing business needs. Adjust based on your requirements. Reduce the risk of paying for unused capacity. Reserved Instance (Save When You Reserve) By investing in reserved capacity, such as with EC2 or RDS, you can: Ensure you have resources available for unexpected scenarios like web traffic spikes. Reserve resources for 1-3 years, which can lead to significant discounts. Save up to 75% compared to the Pay-as-you-Go model. The more you pay upfront, the gr
Read more