Introduction to AWS IAM Service

You can use AWS IAM service in order to securely control your users’ access to AWS services and resources. You can also use the AWS IAM service to set up and manage different AWS groups and users, as well as use authorizations to grant as well as deny access to AWS resources.

In AWS, the abbreviation of IAM is Identity and Access Management. AWS IAM provides reasonable access control across the entire Amazon Web Service platform. You can use IAM to control who has access to which resources and services and under what conditions.

AWS IAM is one of the security services used in AWS. Some other security services used in AWS are:

1. KMS
2. Cognito
3. WAF

You can also explore: AWS Firewall Manager

You can use IAM to create groups and grant those users or groups access to specific servers or deny them access to the service. Organizations can centrally manage users and security credentials like access keys with IAM.

Before proceeding any further, let’s go through the topics that we will be covering in this blog:

1. Components/Identities of IAM
2. Features of IAM
3. Benefits of IAM
4. Limitations of IAM
5. What is the need of using IAM?
6. How does AWS work?

Components/Identities of AWS IAM

There are various components/identities of IAM. Here are the components/identities of AWS IAM:

You can also explore: Introduction to Amazon Kinesis Service

1. Users:
   An IAM user is an identity with a credential and its permissions. This could be a real person who is a user or an application that is a user.
   
   An entity user’s intent in IAM is similar to that of other websites such as Meta. Users are given a username and a password. These credentials will last for a long time. To log into the AWS console, you can also use these credentials
   
   
2. Group:
   An IAM group is a collection of IAM users. To specify authorization for multiple users, you can use IAM groups. Once permissions are placed into a group, those permissions are also set to the individual users within that group.
   
   
3. Policy:
   Once you call an AWS API, IAM evaluates one or more policies to determine if the call is valid. Policies are of two types: identity policies and resource policies.
   
   
4. Role:
   IAM Roles define what actions are allowed and denied by an entity in the AWS console. Roles grant temporary access to an AWS account.
   
   Furthermore, you can establish such momentary credentials to trust third-party services or other AWS services.

You can also explore: Introduction to AWS Trusted Advisor

Features of AWS IAM

Here are the features of IAM:

1. IAM enables you to create unique usernames and passwords for specific users or resources and delegate access to them.
2. It’s completely free to use—no extra cost for IAM security or adding new users, groups, or policies.
3. You can reset a password using the IAM password policy. You can specify how many times a user can try to enter a password before being denied access.
4. IAM supports Multi-factor authentication. MFA requires users to input their username, password, and a one-time password (OTP) from their phone.
5. IAM allows granular permissions. For example, you can enable users to download data but deny them the ability to update the data through the policies.

You can also explore: Introduction to AWS Fargate

Benefits of AWS IAM

There are many benefits of IAM. Some of those benefits are:

1. Increased security
2. Intuitive integration with AWS services
3. Fine-grained command and control
4. Make use of external identity systems
5. Issues credentials temporarily
6. Adaptive security credential management

Limitations of AWS IAM

AWS IAM is, without a doubt, the most effective way to manage AWS user identities. However, there is a limit as AWS IAM only manages AWS user identities. Different solutions would be needed to control access to AWS servers as many resources fall outside of AWS, such as Office 365, Azure, etc.

Explore Free Online Courses with Certificates

What is the need of using AWS IAM?

When AWS or IAM wasn’t there, the credentials were often shared insecurely. Those credentials were often shared over messages, emails, or calls. And because of that, eavesdropping was becoming a significant threat.

Sometimes there could only be one admin password, and a single individual can reset it. This all was a lot of hassle. And, at the same time, it was insecure too. But, IAM almost ended this flaw by granting users or groups access to a set of information. This information can only be fetched by an authorized individual, users, or a group.

You can also explore: Introduction to Amazon EMR (Elastic MapReduce)

How does AWS IAM work?

The IAM workflow includes the following components:

1. Principal: It is an entity able to perform actions on an AWS resource. A principal can be a user, a role, or an application.
2. Authentication: It is the process of validating the principal’s identity attempting to access an AWS product.
3. Request: A principal sends a request to AWS, providing details of the resource they plan to use and which resource should carry it out.
4. Authorization: IAM will only allow a request if the policy allows it. AWS approves the action after authenticating and authorizing the request.
5. Actions: This allows you to view, create, edit, or delete a resource.
6. Resources: Actions are carried out on the resources in your AWS account.

If you want to learn more about AWS security services/resources, you can refer to these blogs:

Recently completed any professional course/certification from the market? Tell us what liked or disliked in the course for more curated content.

Click here to submit its review with Shiksha Online.