IDENTITY AND ACCESS MANAGEMENT (IAM) Features
- Centralized control of your AWS account - it can be managed from anywhere through a browser
- Shared access to AWS services - we can create multiple users who each access the AWS services
- Granular permissions - we can give users permission-based access
- Identity federation (including Active Directory, Facebook, LinkedIn, etc.)
- Multi-factor authentication - we can require MFA so users authenticate and use services more securely
- Temporary access for users, devices and services whenever necessary
- Lets you set up your own password rotation policy
- Integrates with many different AWS services
- IAM also supports PCI DSS compliance
KEY TERMS FOR IAM
- User
End users, such as employees of an organization, who need to access AWS resources.
- Groups
A collection of users. Each user in the group inherits the permissions of the group.
- Policies
Policies are written as policy documents in JSON format. They define what a user, group or role is allowed to do.
- Roles
A role is a set of policies (permissions). We create a role and then assign it to AWS resources, which then act with the role's permissions instead of long-lived user credentials.
How to create an IAM User
Click IAM under "security and compliance" in AWS Services dropdown.
Click the "Users" tab on the left side.
Click the "Add User" button.
Fill in the details as you want and click the "Next: Permissions" button.
Select a group if already created or create the group and click the "Next: Tags" button.
Give the Key and Value if you want and click the "Next: Review" button.
Review and click the "Create User" button.
Download the CSV file without fail (it holds the user's credentials, which can only be downloaded at this step), store it securely, and then click the "Close" button.