Let's understand IAM in AWS,
IAM stands for Identity and Access Management. It is AWS global service that helps you securely control access to AWS resources. Authorization and Authentication both are managed by IAM.
IAM provides many features as follows,
- Shared access to the Aws account
- The granular level of Permission
- Multifactor Authentication (MFA)
- Secure access to the Aws service
- Identity information about the access
Mostly used Keywords in IAM,
Root User
At the time of AWS account creation, the root user has been created with complete access to all AWS services and resources. The email id and password were used to create the account to access the root user. The root user should not use or shared as per the best practice.
User
Users represent the physical user of the Organization who holds the password for the AWS console.
Group
Groups contain the users. It helps to group the users to maintain the least privilege principle.
Roles
The role is type IAM identity that can be authenticated and authorized to utilize an AWS resource.
Policies
The policy is a Json document defining the IAM identity permissions (Users/groups). And it looks like the below.
MFA
It stands for Multi-factor Authentication. It is used to secure AWS authentication.
Access Key
Access Key is used as authentication when the AWS resources are accessed by SDK or CLI.
Best practices
- Don't Use the root user except for the account setup.
- Never share IAM user and Access keys.
- Create an account per user.
- Assign the user to a group. It is easy to maintain the Permission.
- Create a string password enforced with Multi-factor authentication (MFA)
- Use access keys for CLI/SDK.
❤️❤️Happy Learning !! ❤️❤️