DEV Community

Cover image for IDENTITY ACCESS MANAGEMENT (IAM)
Sajjad Rahman
Sajjad Rahman

Posted on • Originally published at sajjadrahman.hashnode.dev

IDENTITY ACCESS MANAGEMENT (IAM)

IAM is one of the core concepts in AWS. It’s essential to understand when working with the cloud because it controls access to resources like S3 buckets, EC2 instances, DynamoDB, and many other AWS services.

IAM is responsible for managing both authentication and authorization. This means it controls who can access AWS resources (authentication) and what actions they can perform (authorization) through a permissions-based system.

For example, imagine a computer lab where the instructor represents IAM. The instructor has full control over the lab and can assign specific tasks to students. Each student has access only to the resources and tasks assigned to them by the instructor, preventing them from accessing or modifying other resources without permission.

Additionally, sometimes the instructor assigns group projects where multiple students work together. The instructor has the authority to manage group memberships, like adding or removing students from the project based on their performance.

Similarly, in AWS, It is possible to share the root access with other people who work in the company , and they can delete the resources. So prevent the resources IAM ( authentication and authorization ) 

IAM manages access to over 200 services such as EC2, DB, KS8, etc. The account owner (root user) has the highest level of access, but they can create IAM users and roles with specific permissions, limiting access to resources based on defined policies.

Policies are sets of rules that specify what actions users, groups, or roles can perform on AWS resources. Whenever we create a user we have assigned the policy otherwise the goal is not clear what can a user do. 

User
Groups: A company must have multiple user categories, such as Developer, QA, Database, etc. 

Roles: a role as a temporary "identity". It’s like the user but not completely doing what a user can. There are some types of rules  Service-to-Service Access (EC2 accessing S3), Cross-Account Access, Temporary Access for Users 

When a user attempts to perform Actions on resources, like creating an EC2 instance, authorization to perform an Action depends on a policy. 

How do you create a User?

Reference
1) aws - us-east-1.console.aws.amazon.com/iam

Top comments (0)