Overview, Features and Procedure to Implement AWS IAM
What is AWS IAM
AWS IAM stands for AWS Identity and Access Management. It is the service provided by Amazon Web Services (AWS) that controls which identities (users, groups and roles) may perform which actions on which AWS resources.
What You Can Do With AWS IAM
- Using Security Assertion Markup Language (SAML) 2.0 identity federation or AWS Directory Service, IAM can be integrated with Microsoft Active Directory, so existing corporate identities can be used to access AWS.
- Roles can be created to control the operations an entity or AWS service (such as an EC2 instance) may perform. A role is assumed rather than signed in to, and grants temporary credentials instead of a long-term password or access key.
- IAM controls access to the AWS Management Console, the AWS API and the AWS Command Line Interface (CLI), so one set of permissions applies however a principal reaches AWS.
- Users and groups can be created and policies attached to them to allow or deny access to AWS resources.
How to Create, Set Up and Sign in as an AWS IAM User
- In the IAM console, open Users and click Add user
- Enter the user name and select the access types: Programmatic access (an access key ID and secret access key for the API and CLI) and/or AWS Management Console access (a password)
- Click Create group
- Select the policy that defines the permissions of the group and click Create group
- Select the newly created group and click Next: Review
- Check the details of the user to be created and click Create user
- The user is now created; download or record the credentials shown, because the secret access key is not displayed again
- Users with console access sign in at the account's sign-in URL, “<Sign in URL>”, which is shown on the IAM dashboard
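The procedure above expressed as IAM API calls, so it can be scripted instead of clicked through. This is an added example and not code from the original article. The IAM client is passed in so the logic runs offline: RecordingClient is an assumed stand-in that records each call instead of contacting AWS; with real credentials pass boto3.client("iam") in its place. The operation names and parameters are the real IAM API ones; the group, user and policy names are illustrative.

```python
"""Added example, not from the original article: the click-through procedure
expressed as IAM API calls so it can be scripted with boto3.

The client is passed in so the logic runs offline: RecordingClient is an
assumed stand-in that records each call instead of contacting AWS. With real
credentials pass boto3.client("iam") instead; the operation names and
parameters used here are the real IAM API ones."""
import secrets
import string

# AWS managed policy granting read-only access: the "permissions of the group".
READ_ONLY_POLICY_ARN = "arn:aws:iam::aws:policy/ReadOnlyAccess"
SYMBOLS = "!@#$%^&*"


class RecordingClient:
    """Stand-in for boto3.client("iam"): records (operation, kwargs) pairs."""

    def __init__(self):
        self.calls = []

    def __getattr__(self, name):
        def _call(**kwargs):
            self.calls.append((name, kwargs))
            if name == "create_access_key":
                # Constructed response with the shape the real API returns.
                return {"AccessKey": {"AccessKeyId": "AKIAEXAMPLEKEY",
                                      "SecretAccessKey": "constructed-secret"}}
            return {}
        return _call


def generate_password(length=20):
    """Random initial password containing all four character classes, so it
    satisfies any reasonable IAM account password policy."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(c in SYMBOLS for c in pw)):
            return pw


def provision_user(iam, user_name, group_name, policy_arn=READ_ONLY_POLICY_ARN,
                   console_access=True, programmatic_access=False):
    """Create the group, attach its policy, create the user, add it to the
    group, then enable the requested access types. Returns a summary dict."""
    iam.create_group(GroupName=group_name)
    iam.attach_group_policy(GroupName=group_name, PolicyArn=policy_arn)
    iam.create_user(UserName=user_name)
    iam.add_user_to_group(GroupName=group_name, UserName=user_name)
    summary = {"user": user_name, "group": group_name}
    if console_access:
        password = generate_password()
        # Force a change at first sign-in so the provisioning password is short-lived.
        iam.create_login_profile(UserName=user_name, Password=password,
                                 PasswordResetRequired=True)
        summary["temporary_password"] = password
    if programmatic_access:
        resp = iam.create_access_key(UserName=user_name)
        summary["access_key_id"] = resp["AccessKey"]["AccessKeyId"]
    return summary


def sign_in_url(account_id_or_alias):
    """The console sign-in URL used by IAM users of the account."""
    return f"https://{account_id_or_alias}.signin.aws.amazon.com/console"


if __name__ == "__main__":
    client = RecordingClient()  # replace with boto3.client("iam") for real use
    result = provision_user(client, "alice", "developers", programmatic_access=True)
    for op, kwargs in client.calls:
        print(op, {k: ("***" if k == "Password" else v) for k, v in kwargs.items()})
    print(sign_in_url("123456789012"))
```

Against a real account, create_group and create_user raise EntityAlreadyExists if the name is taken, so production code should check with get_group / get_user first. The secret access key in the create_access_key response is returned exactly once and must be handed to the user out of band, never logged.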
AWS IAM Users and Groups
An IAM user represents an individual, system or application that needs access to AWS services. A user consists of a unique name and security credentials: a password for the AWS Management Console, access keys for the API and CLI, and optionally a multi-factor authentication (MFA) device. A group is a collection of users; policies attached to the group apply to every member, which is the recommended way to manage permissions for people instead of attaching policies to users one by one.
Authorization and Authentication using AWS IAM
When developing or operating applications on AWS, people access the AWS Management Console and operate resources, for example creating, stopping and restarting EC2 instances. Before any of these operations is allowed, the caller must authenticate with the credentials of an identity (an IAM user or an assumed role) managed by AWS Identity and Access Management (IAM), and IAM then authorizes each action against the policies attached to that identity.
AWS STS
AWS STS is short for AWS Security Token Service. It issues temporary security credentials (an access key ID, a secret access key and a session token) that expire after a configurable period. Instead of creating additional long-lived users, operations such as AssumeRole and identity federation use STS to obtain short-lived credentials carrying the permissions of a role.
Types of Policies
AWS managed policy – A policy written and maintained by AWS and provided ready to attach in IAM, for example ReadOnlyAccess.
Customer managed policy – A standalone policy that you create and manage in your own account when no AWS managed policy fits. It can be attached to many users, groups and roles, and it is versioned.
Inline policy – A policy embedded directly in a single IAM user, group or role. Unlike a customer managed policy, it cannot be reused for other users, groups or roles, and it is deleted together with the identity it belongs to.
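The three policy kinds as documents, together with a simplified model of how IAM evaluates identity-based policies: an explicit Deny always wins, otherwise any matching Allow permits, otherwise the request is implicitly denied. This is an added example, not from the original article. The evaluator is an assumption-labelled approximation that handles Effect, Action and Resource with "*" and "?" wildcards only; Condition elements, NotAction/NotResource, resource-based policies, permissions boundaries and SCPs are out of scope. The bucket name and policy ARNs are illustrative.

```python
"""Added example, not from the original article: the three policy kinds as
documents, plus a simplified model (assumption) of how IAM evaluates
identity-based policies: an explicit Deny always wins, otherwise any matching
Allow permits, otherwise the request is implicitly denied. The model handles
Effect/Action/Resource with '*' and '?' wildcards only; Condition elements,
NotAction/NotResource, resource-based policies, permissions boundaries and
SCPs are out of scope."""
import fnmatch

# AWS managed policy: referenced by ARN only; AWS owns and updates the document.
AWS_MANAGED_S3_READ_ONLY = "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"

# Customer managed policy: authored by you, reusable across users, groups and roles.
APP_BUCKET_RW = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": "arn:aws:s3:::app-bucket/*",
    }],
}

# Inline policy: embedded in a single user, group or role; not reusable.
DENY_DELETE_INLINE = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Deny",
        "Action": "s3:DeleteObject",
        "Resource": "*",
    }],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _statement_matches(statement, action, resource):
    # Action names are case-insensitive in IAM; resource ARNs are compared as-is.
    action_ok = any(fnmatch.fnmatchcase(action.lower(), p.lower())
                    for p in _as_list(statement["Action"]))
    resource_ok = any(fnmatch.fnmatchcase(resource, r)
                      for r in _as_list(statement["Resource"]))
    return action_ok and resource_ok


def evaluate(policies, action, resource):
    """Return "Deny" (explicit), "Allow" or "ImplicitDeny" for one request
    evaluated against every attached policy document."""
    allowed = False
    for doc in policies:
        for statement in _as_list(doc["Statement"]):
            if not _statement_matches(statement, action, resource):
                continue
            if statement["Effect"] == "Deny":
                return "Deny"  # an explicit deny overrides every Allow
            allowed = True
    return "Allow" if allowed else "ImplicitDeny"


def wildcard_allows(doc):
    """Indexes of statements that allow every action on every resource: the
    pattern to reject when reviewing a customer managed or inline policy."""
    return [i for i, st in enumerate(_as_list(doc["Statement"]))
            if st["Effect"] == "Allow"
            and "*" in _as_list(st["Action"])
            and "*" in _as_list(st["Resource"])]


if __name__ == "__main__":
    attached = [APP_BUCKET_RW, DENY_DELETE_INLINE]
    for act, res in [("s3:GetObject", "arn:aws:s3:::app-bucket/report.csv"),
                     ("s3:DeleteObject", "arn:aws:s3:::app-bucket/report.csv"),
                     ("s3:GetObject", "arn:aws:s3:::other-bucket/report.csv")]:
        print(act, res, "->", evaluate(attached, act, res))
```

Because the inline Deny is attached alongside the customer managed Allow, a delete on app-bucket is refused even though no statement mentions that combination; that is the property that makes an explicit Deny a safe guardrail, whereas simply omitting an Allow only produces an implicit deny that any later attached policy can override.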
Monitor activity on AWS account
AWS CloudTrail records the API calls made in the account, whether they come from the console, the CLI or the SDKs, and delivers the log files to an S3 bucket; from them you can check which actions a user performed and which resources were used. Each record shows the identity that made the call, the source IP address, the date and time of the operation, and whether it failed, for example with an AccessDenied error because the identity lacked the required permission. S3 server access logs and CloudFront access logs cover requests for content served by those services and are separate from CloudTrail.
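Detection logic run over a few CloudTrail records, as an added example that is not part of the original article. The records below are constructed samples in the real CloudTrail record layout with invented values (account ID, user names, IP addresses). The code pulls out the failed, permission-denied actions with their source IP and time, resolves the principal for both IAM users and assumed roles, and flags a source IP that keeps hitting AccessDenied, which is what a permission-probing attempt with stolen credentials looks like in the log. The threshold of three is an assumption.

```python
"""Added example, not from the original article: detection logic over
constructed CloudTrail records (real record layout, invented values) that
surfaces AccessDenied actions with source IP and time, and flags a source
IP that keeps hitting AccessDenied."""
import json
from collections import Counter

# Constructed sample shaped like a CloudTrail log file's "Records" array.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-03-01T09:00:12Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "StopInstances", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2024-03-01T09:01:40Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "errorCode": "AccessDenied",
     "errorMessage": "User: arn:aws:iam::123456789012:user/bob is not authorized to perform: iam:CreateUser"},
    {"eventTime": "2024-03-01T09:01:55Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AttachUserPolicy", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "errorCode": "AccessDenied",
     "errorMessage": "User: arn:aws:iam::123456789012:user/bob is not authorized to perform: iam:AttachUserPolicy"},
    {"eventTime": "2024-03-01T09:02:03Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "errorCode": "AccessDenied", "errorMessage": "Access Denied"},
    {"eventTime": "2024-03-01T09:05:30Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetCallerIdentity", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/DeployRole/ci-1234"}},
]})


def principal_name(record):
    """Human-readable caller: user name, RoleName/SessionName, or root."""
    ident = record.get("userIdentity", {})
    kind = ident.get("type")
    if kind == "IAMUser":
        return ident.get("userName", "?")
    if kind == "AssumedRole":
        # The ARN ends in assumed-role/<RoleName>/<SessionName>.
        parts = ident.get("arn", "").split("/")
        return "/".join(parts[-2:]) if len(parts) >= 3 else ident.get("arn", "?")
    if kind == "Root":
        return "root"
    return ident.get("arn", "?")


def principals(log_text):
    return [principal_name(r) for r in json.loads(log_text)["Records"]]


def denied_actions(log_text):
    """(eventTime, principal, sourceIP, service:action) for every AccessDenied record."""
    records = json.loads(log_text)["Records"]
    return [(r["eventTime"], principal_name(r), r["sourceIPAddress"],
             f'{r["eventSource"].split(".")[0]}:{r["eventName"]}')
            for r in records if r.get("errorCode") == "AccessDenied"]


def noisy_sources(log_text, threshold=3):
    """Source IPs with at least `threshold` AccessDenied records (threshold is an assumption)."""
    counts = Counter(ip for _, _, ip, _ in denied_actions(log_text))
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for row in denied_actions(SAMPLE_LOG):
        print("DENIED", *row)
    print("probing from:", noisy_sources(SAMPLE_LOG))
```

Real CloudTrail files are gzip-compressed JSON objects with the same "Records" key, so the same functions apply after decompressing each object fetched from the log bucket; the remaining work is choosing the threshold and the time window per account.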
Who can assume an IAM role
- Custom code, such as an application using an AWS SDK
- An Amazon EC2 instance, through an instance profile
- An individual, such as a federated user or an IAM user in another account
- Other AWS services
Overview of AWS
AWS is short for Amazon Web Services, the collective name for the cloud services provided by Amazon. There is no need to buy and set up physical servers: virtual machines, databases and other services suited to the task can be used immediately, and from a simple web server up to machine learning and big-data analysis you can choose the services and performance your purpose requires.