IAM (Identity and Access Management) in AWS
- The identity you used to create the AWS account is called the root user (root account); it has unrestricted access and should be used only for the handful of tasks that require it

- Every AWS account gets a 12-digit account ID

- Other users can be added to the AWS account and given only the permissions they need

- Before we get into how to create users and grant access, let's understand how AWS access works

- For programmatic access (CLI, SDKs, API) you need an access key ID and a secret access key; for console access you need a username and password (plus an MFA code where MFA is enabled, which it should be, at minimum, for the root user). Do not create access keys for the root user

- What are the different identity types in AWS?
- USER: typically given to a person in your organisation who needs to access AWS resources. Eg: DBA, QA Engineer
- ROLE: an identity that is assumed rather than logged into, giving the caller temporary credentials instead of long-lived keys. Typically given to an AWS service so it can act on other AWS services in your account. Eg: an EC2 instance that needs to delete S3 buckets (the role is attached to the instance through an instance profile)

- Users can be grouped into IAM groups; permissions attached to the group apply to every member
- Everything above is about authentication (who you are). Authorization (what you may do) is separate
- Authorization for IAM identities (users, groups, roles) is granted by IAM policies

- IAM policies are of two types
- AWS Managed Policies: policies created and maintained by AWS for general usage. Eg: AdministratorAccess, AmazonEC2FullAccess, AmazonS3FullAccess
- Customer Managed Policies: policies created by you for custom usage, usually to scope access down to specific actions and resources
- To write a customer managed policy you need a good understanding of JSON, since a policy is a JSON document with a Version and a list of Statements, each giving an Effect (Allow/Deny), the Actions and the Resources it applies to
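The JSON a customer managed policy is made of, as an added example that is not part of the original notes: the script writes a read-only policy scoped to one S3 bucket, refuses to continue if any statement uses a wildcard Resource, and then creates the policy and attaches it to a group with the AWS CLI. It assumes AWS CLI v2 is installed with credentials that can manage IAM; the bucket name avengers-reports, the policy name AvengersReportsReadOnly and the DRY_RUN switch are my own choices, not anything from the page.

```shell
#!/usr/bin/env bash
# Added example, not code from the original notes.
# Assumes: AWS CLI v2 configured with IAM permissions. Bucket, policy and
# group names below are made up for illustration.
set -u

# Write the policy document. Only list/read actions, scoped to one bucket:
# s3:ListBucket applies to the bucket ARN, s3:GetObject to the objects under it.
write_policy() {
  local bucket="$1" out="$2"
  cat > "$out" <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListTheBucket",
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": "arn:aws:s3:::${bucket}"
    },
    {
      "Sid": "ReadObjects",
      "Effect": "Allow",
      "Action": ["s3:GetObject"],
      "Resource": "arn:aws:s3:::${bucket}/*"
    }
  ]
}
EOF
  echo "$out"
}

# Count statements whose Resource is "*". A quick self-check before creating
# the policy: a wildcard resource is how "full access" creeps into a custom policy.
wildcard_resources() {
  grep -c '"Resource": "\*"' "$1" || true
}

# Run a command, or print it when DRY_RUN=1 so the commands can be reviewed first.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Create the policy in the account and attach it to a group. Customer managed
# policy ARNs contain the account id, so the caller supplies it.
create_and_attach() {
  local name="$1" doc="$2" group="$3" account_id="$4"
  run aws iam create-policy --policy-name "$name" --policy-document "file://$doc"
  run aws iam attach-group-policy --group-name "$group" \
      --policy-arn "arn:aws:iam::${account_id}:policy/${name}"
}

# Usage: ./policy.sh apply   (or DRY_RUN=1 ./policy.sh to only print the commands)
if [ "${1:-}" = "apply" ] || [ "${DRY_RUN:-0}" = 1 ]; then
  doc=$(write_policy avengers-reports "${TMPDIR:-/tmp}/avengers-readonly.json")
  if [ "$(wildcard_resources "$doc")" -ne 0 ]; then
    echo "refusing to create a policy with a wildcard Resource" >&2
    exit 1
  fi
  if [ "${DRY_RUN:-0}" = 1 ]; then
    account_id=123456789012   # placeholder account id for the dry run
  else
    account_id=$(aws sts get-caller-identity --query Account --output text)
  fi
  create_and_attach AvengersReportsReadOnly "$doc" avengers "$account_id"
fi
```

The same document can be pasted into the console's JSON policy editor; the CLI path is shown because it makes the policy reviewable in version control before it reaches the account.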
Scenario
- Let's create 3 users, ironman, captain america and thor, and give them console access
- Ironman would be given the AWS managed policy AdministratorAccess
- Captain America would be given the AWS managed policy AmazonEC2FullAccess
- Thor would be given the AWS managed policy AmazonS3FullAccess
- Let's create a group called avengers and add the three users to it
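The scenario above, as an added example that is not part of the original notes: it provisions the three console users with the AWS CLI, attaches the managed policies named above, and creates the avengers group with the three users as members. It assumes AWS CLI v2 with credentials that can manage IAM, and that openssl is available to generate the initial passwords; the lowercased usernames (IAM names cannot contain spaces) and the DRY_RUN switch are my own choices.

```shell
#!/usr/bin/env bash
# Added example, not code from the original notes.
# Assumes: AWS CLI v2 configured with IAM permissions; openssl for password
# generation. Run with DRY_RUN=1 to print the commands instead of executing them.
set -u

# AWS managed policies live under the fixed "aws" pseudo-account in their ARN.
policy_arn() { echo "arn:aws:iam::aws:policy/$1"; }

# Run a command, or print it when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Create one user with console access and one managed policy. The initial
# password is random and must be changed at first sign-in; it goes to stderr
# so it can be handed over out of band and never lands in a dry-run log.
create_console_user() {
  local user="$1" policy="$2" password
  run aws iam create-user --user-name "$user"
  if [ "${DRY_RUN:-0}" = 1 ]; then
    echo "aws iam create-login-profile --user-name $user --password <redacted> --password-reset-required"
  else
    password=$(openssl rand -base64 18)
    aws iam create-login-profile --user-name "$user" \
        --password "$password" --password-reset-required
    echo "initial password for $user: $password" >&2
  fi
  run aws iam attach-user-policy --user-name "$user" --policy-arn "$(policy_arn "$policy")"
}

# Create a group and add members. Shared permissions belong on the group;
# per-user policies as in the scenario are fine for a lab but do not scale.
create_group_with_members() {
  local group="$1"; shift
  run aws iam create-group --group-name "$group"
  for u in "$@"; do
    run aws iam add-user-to-group --group-name "$group" --user-name "$u"
  done
}

provision_avengers() {
  create_console_user ironman        AdministratorAccess
  create_console_user captainamerica AmazonEC2FullAccess
  create_console_user thor           AmazonS3FullAccess
  create_group_with_members avengers ironman captainamerica thor
}

# Usage: ./avengers.sh apply   (or DRY_RUN=1 ./avengers.sh to only print the commands)
if [ "${1:-}" = "apply" ] || [ "${DRY_RUN:-0}" = 1 ]; then
  provision_avengers
fi
```

After the users exist, enable MFA for each of them (ironman's AdministratorAccess in particular) before handing over the passwords; the script stops at the point the scenario describes.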

Exercise
- Create three users
- superman
- batman
- wonderwoman
- Attach any managed policies of your choice
- Create a group called JusticeLeague and add the three users to it
