Marvel's Space

Introduction to AWS Identity and Access Management

Photo by Brett Jordan on Unsplash

Introduction to AWS Identity and Access Management

Marvellous Kalu's photo
Marvellous Kalu
·

6 min read

Table of contents

In this day and age where cloud computing is the next big thing (or even the current big thing), as more companies are migrating resources to the cloud and taking advantage of its value, one cloud provider seems to have dominated the space- Amazon Web Service.

Amazon Web Service (AWS) is a cloud platform with over 200 services, thus making it faster, more cost-effective, and more accessible for its customers to move existing applications to the cloud and build on them. One such service offered by AWS is Identity and Access Management.

What is AWS Identity and Access Management

Identity and Access Management (IAM) is a web service created by Amazon that securely regulates access to your AWS account. It decides the authentication and authorization of your AWS account.

With IAM, you can:

  • Assign permission for a specific service to a user or group of users.

  • Securely provide credentials for applications that run on EC2 instances

  • Add two-factor authentication to your account and individual users for extra security. This feature allows you or your users to provide code from a specially configured device, thus providing additional protection to your account.

  • Allow users who have their passwords elsewhere- for example, with an internet provider- to get temporary access to your AWS account.

  • Get access to a wide range of AWS services.

    Key Concepts of IAM

    IAM comprises four core concepts: Users, groups, roles, and policies.

  1. Users

    This refers to a specific entity that you can create in AWS. This entity can receive personal logins and permissions from the root user.

  2. Group

    This refers to a collection of users with a specific theme. The concept of a group is for the easy authorization and management of permission across several users. A group can contain as many users as possible, but it cannot allow the nesting of another group to it.

  3. Roles

    This is an IAM identity that you can create in your account that has specific permissions. It is similar to an IAM user in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, it isn’t uniquely associated with one person, as it can be assumed by anyone who needs it. Also, rather than having passwords or access keys, when a user takes a role, they are provided with temporary security credentials for the role session. Are you still confused about IAM roles? Read this documentation.

  4. Policies

    These are objects that define the permission given to an entity or resource.

Three Basic Actions Every Beginner Should Carry Out in AWS IAM.

This section offers the step-by-step process to:

  1. Create an IAM user in your account

  2. Create and Add users to a group

  3. Create roles in AWS

How to Create an IAM User in Your Account

  1. Sign in to your AWS console. If you do not have an account, create one for free here.

  2. If you have an account already or have created one, a page like this shows up. Ensure you click root user, enter your root user email address and click next.

  3. Enter your password and click on sign in.

  4. Once signed in, go under your navigation dashboard and click user.

  5. A new page will come up. Next, click on add user.

  6. Next, enter the username of your choice. Under the section to select AWS credential type, tick both boxes. Once done, a new section pops up. Under the section for console password, choose the custom password and enter the password you want. You can also choose to tick the box for required password reset so that the next time the user logs in, they are forced to create a new password, but if you want to continue using the password you set, you can uncheck the box. For this tutorial, we will leave the box unchecked. Once all this is done, go ahead and click next.

  7. Next, add a policy to that user. To attach a policy to the user, click on attach existing policies directly.

    Once that is done, the policies board pops up below. Use the search bar to look for any service you want to grant the user access. For this user, we want full access to S3bucket, so I will search for that, select it and click on next tags.

  8. Next, you are required to create a tag for the user. This is optional, so if you want to, you can go ahead; else, you skip it. To learn more about IAM tags, read this documentation here. For this tutorial, we won’t need tags, so go ahead to click on next.

  9. Your review page should display this information if you have gotten everything right up until now. If correct, click on create user.

  10. Viola! You have created an IAM user in your AWS account.

How to Create and Add Users to a Group

  1. Go to your IAM dashboard. In the navigation dashboard, click on user groups.

  2. On the page that pops up, click on create group.

  3. Now, enter your desired group name. Ensure you use alphanumeric and '+=,.@-_' characters.

    Below that, you have the option to select a user and add them to the group. We will add the user we created initially for this tutorial.

    Next, you can attach permission policies for this user. To do this, you use the search bar to look for the service you want to give the user access.

    After that, click on create group to complete this process.

  4. Voila! You have successfully created and added a user to a group.

How to Create a Role

  1. Go to your IAM dashboard. In the navigation dashboard, click on roles.

  2. On the page that comes up, click on create roles.

  3. Now, under the trusted entity type section, select AWS service, and under the use-case, you can search for the service you would like to choose. For this tutorial, we will be using the EC2 service. After that, click on Next.

  4. It's time to attach permission to this role. Use the search bar to determine the service you want to attach permission to. For this tutorial, we will be adding permissions for S3. You can attach permission for more than one service. Click Next to move to the next stage.

  5. Choose a role name, and add a description. You can also add a tag. Next, scroll down and click on Next to continue.

  6. Viola! You have successfully created a role

Conclusion

In this article, we have successfully introduced AWS Identity and Management service and given detailed steps to create a new user in your AWS account and create user groups and a role.

AWSAWS IAMCloud Computing