Identity Access Management - How to create user in IAM ?!

Introduction

IAM stands for Identity and Access Management. IAM is essential component of

AWS allows you to create and manage access of user, role, application and control authentication/authorization.

There are 4 essential components of IAM :

  •  Users - are individuals or applications want to access to your AWS resources.
  • Groups - are collection of users. By this you can assign permissions to group instead individual users.
  • Roles - are special access type in IAM that allows user/resource to access another resource via temporary credentials. For example EC2 instance can access to DynamoDB or S3 bucket resources without using permanent credentials. This is possible only via Role which is great security point of view.
  • Policies - are JSON documents that define permissions. In policies we define what actions are allowed or should be denied. This can be attached to users, groups, roles.


Hands on IAM exercises :


  1.  Login to your AWS account and search for IAM : 



  2. After clicking IAM icon, you will be redirected to IAM dashboard. Where you will be able to see detailed overview of user groups, users, roles etc. 



  3.  How to create user in IAM ?! Click to Users on the left pane. You will be able to see "Create User" button on the right side of the page. 


     

  4.  Second step of creating user is attaching permission to them. This part is little tricky if you don't have experience with policies and permissions I highly recommend to perform this action on testing environment. Here we can add user to the group or attach policies directly to that user. 

  5. I want to provide full EC2 and EC2 related services (load balancers, cloudwatch etc.) access to that user, that is why I search EC2 keyword in searchbox and find related policy there. Check the box and add the policy to that user. If we don't attach any policy or add user to existing groups, after successful login newly created user will face with many errors because of the access/permission issues.
  6. After completing all these steps, we can provide access to console for that user, see credentials or reset the password. 



  7.  If we sign in with provided credentials, will see that we have no access to resources except EC2 which we can fully manage. 
    As explained in the steps above.









Comments

Post a Comment

Popular posts from this blog

AWS pricing fundamentals

Image
When using Amazon Web Services (AWS), there are three primary factors that determine your costs: Compute : This includes the amount of resources such as CPU and RAM you use, as well as the duration for which you use them. Data Storage : The quantity of data stored or allocated. Outbound Data Transfer : The amount of data transferred out from all services. It's important to be cautious and monitor your usage to avoid unexpected costs. AWS Pricing Models On Demand (Pay as you Go) The On Demand model allows you to: Easily adapt to changing business needs. Adjust based on your requirements. Reduce the risk of paying for unused capacity. Reserved Instance (Save When You Reserve) By investing in reserved capacity, such as with EC2 or RDS, you can: Ensure you have resources available for unexpected scenarios like web traffic spikes. Reserve resources for 1-3 years, which can lead to significant discounts. Save up to 75% compared to the Pay-as-you-Go model. The more you pay upfront, the gr
Read more

IAM - Roles

Image
IAM Roles Roles in AWS has special meaning. With this functionality you can define different variety of roles and assign it users or your application/service can use them. Roles are specifically important for AWS security. Because roles use temporary credentials with services. So that we don't need to use own permanent credentials to do some operations. If somehow hackers got access to AWS infrastructure they won't able to access our cached permanent  credentials. Here are some of advantages of using roles : Reduced Risk of Credential Exposure Least Privilege Principle Cross-Account Access  Let's create a role and assign it to the user  Click to "IAM" , "Roles" and then "Create role" button.  We need ARN (we talked about this in the previous post) of the user. Copy 12 digit unique ID. During role creation select "AWS account" since we are planning to add this role to user. Enter the ID we got from previous step. This ID defines our us
Read more