Madhumitha

Day 2.1: AWS IAM

> AWS IAM is a global service, which means you create your users, groups, roles and policies in one place rather than per region.

What is AWS IAM?
AWS IAM is a web service that helps you securely control access to AWS resources. It lets you manage users and the level of access each of them has to those resources.
To understand this, let's use an analogy.
Consider a theme park (the cloud infrastructure). The ticket seller (IAM) decides who gets tickets (access) to which rides (AWS resources). Users are the visitors, groups are like categories of friends, and permissions are the types of rides you are allowed on.
| Key terms in IAM | Definition | Example to understand |
| --- | --- | --- |
| IAM User | A unique identity in AWS associated with specific security credentials. | Alex, who has a set of credentials (username and password) to access AWS services. |
| IAM Group | A collection of IAM users, simplifying the management of permissions. | The "Developers" group includes Sarah, Mike, and Emily, who share similar access needs. |
| IAM Role | Similar to a user but doesn't have long-term credentials. Roles are assumed by users, services, or AWS resources to obtain temporary permissions. | A role allowing an EC2 instance to access an S3 bucket without using permanent credentials. |
| IAM Policy | Defines permissions in JSON format. It specifies which actions are allowed or denied on which AWS resources. Policies can be attached to users, groups, or roles. | A policy allowing read-only access to an S3 bucket. |
| IAM Permissions | Actions that are allowed or denied on AWS resources. Permissions are granted through policies and determine the level of access for users or groups. | Permission to launch and terminate EC2 instances, or to read/write objects in an S3 bucket. |
| IAM Access Key | Consists of an access key ID and a secret access key. Used to interact with AWS programmatically, such as making API requests or using the AWS CLI. | Access key ID: `AKIAYOURACCESSKEY`, secret access key: `YOURSECRETACCESSKEY`. |
| Multi-factor Authentication | Adds an extra layer of security by requiring users to provide a second authentication factor (e.g., a temporary code from a hardware token or a mobile app). | Using a mobile app to generate a temporary code along with a password for AWS login. |
| Principal | An entity that can take actions and make requests. This can be an IAM user, an IAM role, or an AWS service. | Alex (IAM user), an EC2 instance (via an IAM role), or an AWS service. |
| Policy Document | The JSON document that defines the permissions in an IAM policy. Specifies what actions are allowed or denied and on which AWS resources. | JSON specifying permissions for an IAM user to list EC2 instances. |
| Resource | In IAM policies, the AWS entity that the policy applies to, such as an S3 bucket, an EC2 instance, or an IAM user. | An S3 bucket (`arn:aws:s3:::example-bucket`) or an EC2 instance (`arn:aws:ec2:region:account-id:instance/instance-id`). |
| Condition | The part of an IAM policy that sets additional restrictions on when a statement applies. Conditions are expressed as key-value pairs, such as time of day or source IP address. | A condition allowing access only during certain hours or only from specific IP addresses. |

There are different ways to access IAM: the AWS Management Console, the AWS CLI, or the APIs. Once you open IAM you can see your users, roles, apps and federated users.
IAM role: If I have full access to my AWS account and I assume a role that only has read-only access to S3, then for as long as I am in that role I have only the role's permissions. My own full access to the account does not carry over into the role session.
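
To make the policy terms in the table and the role example above concrete, here is a small policy evaluator added for this post. It is not AWS code and ignores many real IAM features (resource policies, permission boundaries, SCPs, most condition operators). The policies, the account ID `123456789012`, the bucket name and the IP ranges are constructed sample values. It applies the rules the table describes: a statement matches on Action, Resource and Condition; an explicit Deny wins over any Allow; with no matching Allow the request is implicitly denied. The last two entries returned by `demo()` show the role point: a session that assumed the S3 read-only role has only that role's permissions, so an action Alex's own user policies would allow is denied in the session.

```python
"""Toy IAM policy evaluator (added illustration, not AWS code).

Matches a request against every statement's Action, Resource and Condition;
an explicit Deny always wins; with no matching Allow the request is implicitly
denied. All policies, ARNs and IP ranges below are constructed sample values.
"""
import fnmatch
import ipaddress


def _as_list(value):
    # Policy elements may be a single string/dict or a list of them.
    return value if isinstance(value, list) else [value]


def _ip_matches(ip, cidrs):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in _as_list(cidrs))


def _condition_holds(condition, context):
    # Operators and keys are AND-ed; the values listed under one key are OR-ed.
    for operator, keys in condition.items():
        negated = "Not" in operator
        for key, values in keys.items():
            if key not in context:
                # Like IAM: a missing key fails a positive operator and
                # satisfies a negated one (NotIpAddress, StringNotEquals).
                if negated:
                    continue
                return False
            if operator in ("IpAddress", "NotIpAddress"):
                matched = _ip_matches(context[key], values)
            elif operator in ("StringEquals", "StringNotEquals"):
                matched = context[key] in _as_list(values)
            else:
                raise ValueError("unsupported condition operator: " + operator)
            if matched == negated:  # positive op needs a match, negated op needs none
                return False
    return True


def _statement_matches(stmt, action, resource, context):
    # Action names are case-insensitive and support * and ? wildcards.
    patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
    if not any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
        return False
    resources = _as_list(stmt.get("Resource", "*"))
    if not any(fnmatch.fnmatchcase(resource, r) for r in resources):
        return False
    return _condition_holds(stmt.get("Condition", {}), context)


def evaluate(policies, action, resource, context=None):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request."""
    context = context or {}
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not _statement_matches(stmt, action, resource, context):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"  # an explicit Deny overrides every Allow
            allowed = True
    return "Allow" if allowed else "ImplicitDeny"


# Constructed sample policies (not from any real account).
DEVELOPERS_GROUP_POLICY = {  # attached to the "Developers" group
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:Describe*", "s3:GetObject", "s3:ListBucket"],
         "Resource": "*"},
        {"Effect": "Deny", "Action": "ec2:TerminateInstances", "Resource": "*"},
    ],
}
OFFICE_ONLY_POLICY = {  # deny everything when the request comes from outside the office range
    "Version": "2012-10-17",
    "Statement": {"Effect": "Deny", "Action": "*", "Resource": "*",
                  "Condition": {"NotIpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
}
S3_READONLY_ROLE_POLICY = {  # attached to a role Alex can assume
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"],
                  "Resource": "arn:aws:s3:::example-bucket/*"},
}


def demo():
    office = {"aws:SourceIp": "203.0.113.10"}
    home = {"aws:SourceIp": "198.51.100.7"}
    instance = "arn:aws:ec2:us-east-1:123456789012:instance/i-0abc"
    obj = "arn:aws:s3:::example-bucket/report.csv"
    alex = [DEVELOPERS_GROUP_POLICY, OFFICE_ONLY_POLICY]  # Alex's identity policies
    role_session = [S3_READONLY_ROLE_POLICY]  # all Alex has after assuming the role
    return {
        "alex_describe_from_office": evaluate(alex, "ec2:DescribeInstances", instance, office),
        "alex_describe_from_home": evaluate(alex, "ec2:DescribeInstances", instance, home),
        "alex_terminate_from_office": evaluate(alex, "ec2:TerminateInstances", instance, office),
        "alex_put_object": evaluate(alex, "s3:PutObject", obj, office),
        "role_get_object": evaluate(role_session, "s3:GetObject", obj, office),
        "role_describe_instances": evaluate(role_session, "ec2:DescribeInstances", instance, office),
    }


if __name__ == "__main__":
    for request, decision in demo().items():
        print(f"{request:28} -> {decision}")
```

Running the file prints one decision per request: the group policy allows `ec2:DescribeInstances` from the office but the conditional Deny blocks it from home, the explicit Deny on `ec2:TerminateInstances` wins even though `ec2:Describe*` is allowed, `s3:PutObject` is implicitly denied because nothing allows it, and the role session can read the bucket but can no longer describe instances.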

What is IAM Password Policy?
An IAM password policy is a set of rules dictating how user passwords must be structured and managed, covering length, complexity, expiration, history and lockout settings, so that weak or stale console passwords are not accepted.
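
As an added illustration (not AWS's implementation), the checker below models the rule categories just listed and compares a weak policy with a hardened one. The policy values, the candidate passwords and the "previous password" hashes are all constructed for the example; `PasswordPolicy`, `violations`, `is_expired` and `is_locked_out` are names chosen here, not AWS API names.

```python
"""Password-policy checker (added illustration, not AWS's implementation).

Models the rule categories of an IAM password policy: minimum length,
character-class complexity, expiration, reuse history and lockout after
repeated failures. All policies, passwords and dates are constructed.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Sequence
import hashlib
import string


@dataclass(frozen=True)
class PasswordPolicy:
    min_length: int = 8
    require_upper: bool = False
    require_lower: bool = False
    require_digit: bool = False
    require_symbol: bool = False
    max_age_days: Optional[int] = None        # None = passwords never expire
    history_size: int = 0                     # previous passwords that may not be reused
    lockout_threshold: Optional[int] = None   # failed attempts before lockout; None = never


WEAK_POLICY = PasswordPolicy()  # length 8, no complexity, no expiry, no history, no lockout
HARDENED_POLICY = PasswordPolicy(min_length=14, require_upper=True, require_lower=True,
                                 require_digit=True, require_symbol=True,
                                 max_age_days=90, history_size=24, lockout_threshold=5)


def _digest(password: str) -> str:
    # sha256 keeps the example dependency-free; a real credential store uses a
    # slow, salted password hash (bcrypt, scrypt, Argon2) for the history entries.
    return hashlib.sha256(password.encode()).hexdigest()


def violations(candidate: str, policy: PasswordPolicy,
               history: Sequence[str] = ()) -> List[str]:
    """Return the rules a proposed password breaks (empty list = accepted).

    `history` holds digests of earlier passwords, oldest first.
    """
    problems = []
    if len(candidate) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    if policy.require_upper and not any(c.isupper() for c in candidate):
        problems.append("no uppercase letter")
    if policy.require_lower and not any(c.islower() for c in candidate):
        problems.append("no lowercase letter")
    if policy.require_digit and not any(c.isdigit() for c in candidate):
        problems.append("no digit")
    if policy.require_symbol and not any(c in string.punctuation for c in candidate):
        problems.append("no symbol")
    recent = list(history)[-policy.history_size:] if policy.history_size else []
    if _digest(candidate) in recent:
        problems.append(f"reused one of the last {policy.history_size} passwords")
    return problems


def is_expired(last_changed: date, policy: PasswordPolicy, today: date) -> bool:
    """True when the password is older than the policy's maximum age."""
    if policy.max_age_days is None:
        return False
    return today - last_changed > timedelta(days=policy.max_age_days)


def is_locked_out(failed_attempts: int, policy: PasswordPolicy) -> bool:
    """True once consecutive failed sign-ins reach the lockout threshold."""
    return policy.lockout_threshold is not None and failed_attempts >= policy.lockout_threshold


def demo():
    old_hashes = [_digest(p) for p in ("Winter2023!Pass", "Spring2024!Pass")]  # constructed
    return {
        "weak_accepts_simple": violations("Summer2024", WEAK_POLICY) == [],
        "hardened_rejects_simple": violations("Summer2024", HARDENED_POLICY),
        "hardened_rejects_reuse": violations("Spring2024!Pass", HARDENED_POLICY, old_hashes),
        "expired_under_hardened": is_expired(date(2024, 1, 1), HARDENED_POLICY, date(2024, 6, 1)),
        "locked_after_five": is_locked_out(5, HARDENED_POLICY),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:26} -> {result}")
```

The same candidate, `Summer2024`, passes the weak policy and fails the hardened one on two counts (too short, no symbol); a password that meets every complexity rule is still rejected when its digest is among the remembered history, and the expiry and lockout checks are what the "expiration" and "lockout" settings translate to in practice.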
