Everything about Identity & Access Management (IAM) in AWS
AWS is a vast topic, and a great many features and services come with it. In this post we are going to discuss one such feature, Identity and Access Management, or simply IAM. I hope that by the end of this post you will understand what IAM is and why it is used.
What is AWS?
AWS stands for Amazon Web Services, a cloud-computing platform run by Amazon. Instead of physical machines in your own building, it provides computer system resources (compute, storage and more) as virtual services delivered over the internet.
So, instead of buying physical computer systems for storage and computing power, many companies and individuals rent these services from Amazon and pay for what they use.
Many different resources come with AWS, and IAM is what lets you grant a third party access to those resources without jeopardizing security.
What is IAM?
To better understand this, let me give an example. Suppose you own an apartment building with, let's say, a hundred and twenty rooms. A buyer approaches you and you sell him one room.
Now, my question to you is: would you give him a key to his room alone, or to every room in the building? Only his room, right?
Likewise, when you create an account in AWS, your account has access to everything AWS web services have to offer.
The main account is called the root user. It is not recommended to use the root user for everyday tasks; use it only for the few operations that require root user credentials.
So, think of it like this: the root user is the owner of the building, and the web services are the rooms.
When a third party wants to use a particular web service, would you grant them access to everything by handing over the root user ID and password, or would you rather have a way for them to use only the particular services they need? Pretty obvious, right?
This is where IAM comes in. IAM lets you share access to your AWS services without giving away your root user credentials.
Features of IAM
IAM provides a few features worth knowing:
- Shared access: the obvious one. You can grant a third party permission to use your AWS resources without sharing your root user ID and password.
- Selective authorization: you can grant different permissions to different people or entities for different resources. Since AWS has a great many resources, this is very useful. For example, you can give one person access to Amazon EC2 while giving another only read-only access to a different resource.
- Multi-factor authentication (MFA): an extra security measure that makes a stolen password or access key alone insufficient for an outsider to get in. MFA is a two-step sign-in: besides the password or access key, it asks for a code from a device you have registered.
- Identity federation: you can give people or entities who are already signed in to your corporate network or to an internet identity provider access to your AWS services. The concept of identity federation might sound alien to people who are new to AWS; I suggest you go through this article to get a better understanding of it.
- Identity assurance: with AWS CloudTrail you can review log records of every request made to your AWS resources. This is a good way to keep tabs on who asked for what.
- Free to use: best of all, IAM comes with your AWS account at no extra charge.
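To make "selective authorization" concrete, here is an added example (not code from this post or from AWS) of an IAM permissions policy for the scenario above, full EC2 access plus read-only access to one S3 bucket, together with a small evaluator that models how AWS decides a request against a single identity-based policy: everything is denied by default, a matching Allow grants the request, and a matching explicit Deny overrides any Allow. The bucket name and account id are made-up placeholders, and Conditions, NotAction/NotResource and other policy types (resource-based policies, SCPs, permission boundaries) are deliberately not modelled.

```python
"""Simplified model of how one IAM identity-based policy decides a request.

Added illustration for this post, not AWS code. Rules modelled:
implicit deny by default, Allow grants, explicit Deny overrides.
Conditions, NotAction/NotResource and other policy types are left out.
"""
import fnmatch
import json

# Constructed example policy: full EC2 access, read-only access to one
# S3 bucket, and an explicit Deny on deleting objects in that bucket.
# "reports-bucket" and "111122223333" are placeholders, not real resources.
POLICY_JSON = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::reports-bucket",
                  "arn:aws:s3:::reports-bucket/*"]},
    {"Effect": "Deny", "Action": "s3:DeleteObject",
     "Resource": "arn:aws:s3:::reports-bucket/*"}
  ]
}
"""
POLICY = json.loads(POLICY_JSON)


def _as_list(value):
    """Action and Resource may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, candidate, case_sensitive):
    """Policy wildcards '*' and '?' behave like shell globs. Action names are
    compared case-insensitively; resource ARNs are compared as written."""
    patterns = _as_list(patterns)
    if not case_sensitive:
        candidate = candidate.lower()
        patterns = [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(candidate, p) for p in patterns)


def evaluate(policy, action, resource):
    """Return "Allow" or "Deny" for one (action, resource) under one policy."""
    decision = "Deny"  # implicit deny until some statement allows the request
    for stmt in _as_list(policy["Statement"]):
        if not _matches(stmt["Action"], action, case_sensitive=False):
            continue
        if not _matches(stmt["Resource"], resource, case_sensitive=True):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # an explicit Deny always wins
        decision = "Allow"  # keep scanning: a later Deny could still override
    return decision


def demo():
    """Evaluate a few constructed requests against POLICY."""
    requests = [
        ("ec2:RunInstances", "arn:aws:ec2:us-east-1:111122223333:instance/*"),
        ("s3:GetObject", "arn:aws:s3:::reports-bucket/q1/report.csv"),
        ("s3:PutObject", "arn:aws:s3:::reports-bucket/q1/report.csv"),
        ("s3:DeleteObject", "arn:aws:s3:::reports-bucket/q1/report.csv"),
        ("s3:GetObject", "arn:aws:s3:::other-bucket/file.txt"),
    ]
    return [(action, resource, evaluate(POLICY, action, resource))
            for action, resource in requests]


if __name__ == "__main__":
    for action, resource, decision in demo():
        print(f"{decision:<5} {action} on {resource}")
```

The PutObject request is denied even though no statement mentions it: that is the implicit deny, and it is the reason a policy only ever needs to list what a person should be able to do. The DeleteObject case shows the other rule, which is that an explicit Deny cannot be undone by adding a broader Allow elsewhere.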
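The "identity assurance" point above pairs naturally with two earlier ones: the root user should not be used for everyday work, and MFA should be on. CloudTrail records let you check both. Below is an added example (not from this post or from AWS) that parses a constructed log in CloudTrail's file shape and flags every event made by the root user and every successful console sign-in where CloudTrail recorded `MFAUsed` as "No". The account id, user names and IP addresses are placeholders; the field names (`userIdentity.type`, `eventName`, `additionalEventData.MFAUsed`, `responseElements.ConsoleLogin`) are the ones CloudTrail uses for these events.

```python
"""Review CloudTrail records for root-user activity and console sign-ins
without MFA. Added illustration for this post, not AWS code."""
import json

# Constructed sample in the shape of a CloudTrail log file ({"Records": [...]}).
# Account id, user names and IP addresses are documentation placeholders.
SAMPLE_LOG = """
{"Records": [
  {"eventTime": "2024-01-15T08:01:12Z", "eventSource": "signin.amazonaws.com",
   "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.10",
   "userIdentity": {"type": "Root", "accountId": "111122223333",
                    "arn": "arn:aws:iam::111122223333:root"},
   "additionalEventData": {"MFAUsed": "No"},
   "responseElements": {"ConsoleLogin": "Success"}},
  {"eventTime": "2024-01-15T09:14:45Z", "eventSource": "signin.amazonaws.com",
   "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
   "userIdentity": {"type": "IAMUser", "userName": "alice",
                    "arn": "arn:aws:iam::111122223333:user/alice"},
   "additionalEventData": {"MFAUsed": "Yes"},
   "responseElements": {"ConsoleLogin": "Success"}},
  {"eventTime": "2024-01-15T09:20:03Z", "eventSource": "ec2.amazonaws.com",
   "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.7",
   "userIdentity": {"type": "IAMUser", "userName": "alice",
                    "arn": "arn:aws:iam::111122223333:user/alice"}},
  {"eventTime": "2024-01-15T11:42:30Z", "eventSource": "signin.amazonaws.com",
   "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.8",
   "userIdentity": {"type": "IAMUser", "userName": "bob",
                    "arn": "arn:aws:iam::111122223333:user/bob"},
   "additionalEventData": {"MFAUsed": "No"},
   "responseElements": {"ConsoleLogin": "Success"}}
]}
"""


def load_records(text):
    """Parse a CloudTrail log file body into its list of event records."""
    return json.loads(text)["Records"]


def _principal(event):
    """Best available name for who made the call."""
    ident = event.get("userIdentity", {})
    return ident.get("arn") or ident.get("userName") or ident.get("type", "unknown")


def _finding(rule, event):
    return {"rule": rule, "eventTime": event["eventTime"],
            "principal": _principal(event), "eventName": event["eventName"],
            "sourceIPAddress": event.get("sourceIPAddress")}


def find_root_activity(events):
    """Any sign-in or API call made as the root user (userIdentity.type == "Root")."""
    return [_finding("root-activity", e) for e in events
            if e.get("userIdentity", {}).get("type") == "Root"]


def find_logins_without_mfa(events):
    """Successful console sign-ins where CloudTrail recorded MFAUsed == "No"."""
    out = []
    for e in events:
        if e.get("eventName") != "ConsoleLogin":
            continue
        if e.get("responseElements", {}).get("ConsoleLogin") != "Success":
            continue
        if e.get("additionalEventData", {}).get("MFAUsed") == "No":
            out.append(_finding("console-login-without-mfa", e))
    return out


def review(events):
    """Run both checks and return the findings ordered by event time."""
    findings = find_root_activity(events) + find_logins_without_mfa(events)
    return sorted(findings, key=lambda f: (f["eventTime"], f["rule"]))


if __name__ == "__main__":
    for f in review(load_records(SAMPLE_LOG)):
        print(f"{f['eventTime']} {f['rule']:<26} {f['principal']} from {f['sourceIPAddress']}")
```

On the sample, the root sign-in produces two findings (root activity, and a sign-in without MFA), bob's sign-in produces one, and alice's MFA-protected sign-in and her later EC2 call produce none. The same two checks, run over a real trail, are a cheap first pass at confirming the advice in this post is actually being followed.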
AWS has a great many resources, and IAM is the right tool for handing them out to third parties without hassle. I hope this post brought you a little closer to understanding what IAM is. To learn more, check the AWS documentation on IAM.
Written by G Praveen.