Demystifying AWS IAM: The Ultimate Guide to Identity and Access Management - 1
Everything about AWS IAM Service- Part 1
Introduction :
Amazon Web Services is a leading cloud services provider. Identity and Access Management, abbreviated as IAM, is a web service that helps control access to AWS Services and Resources. It is a Global Service. It enables us to securely manage users, groups, and roles to access the AWS services. It gives us control over who can and cannot access certain services in AWS. Let us see the detailed versions of Users, Groups, and Roles.
Users and Groups :
Users are people within your organization and can be made to group accordingly.
Groups contain users, and It doesn't include internal groups.
Users don't have to belong to a group, and they can be in multiple groups.
(Helpful Tip: Using Root Account Details should not be used or shared; always use user credentials)
Permissions :
Users or Groups defined In JSON Documents called Policies.
Policies explain the permissions for the users.
AWS follows the Least Privilege Principle and doesn't give access to licenses that the user needs.
Policies Structure :
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ListObjectsInBucket",
"Effect": "Allow",
"Principal": {
"AWS": ["arn:aws:iam::123456789012:root"]
},
"Action": ["s3:ListBucket"],
"Resource": ["arn:aws:s3:::bucket-name"]
},
{
"Sid": "AllObjectActions",
"Effect": "Allow",
"Action": "s3:*Object",
"Resource": ["arn:aws:s3:::bucket-name/*"]
}
]
Consists of :
Version: policy language version, always include "2012-10-17".
Id: an identifier for the policy (Optional).
Statement: one or more individual statements(required).
Statement Consists of :
Sid: An Identifier for the statement (Optional).
Effect: whether the information allows or denies access.
Principal: account/user/role to which policy was applied.
Action: list of activities this policy allows or denies
Resources: list of resources to which this policy applies.
Conditions: condition for which this policy gets applied.
Conclusion :
I have divided each Service into multiple blogs to keep the blog crisp and clear. It will keep the information short and easy to grasp, making the readers understand better and learn. Please check my profile for continuation. Please leave out feedback in the comments and follow for more.
Thank you for Reading.
For More Information regarding IAM, read it here on the official site of AWS IAM
-Vijay