Amazon IAM- Identity and Access Management

AWS Identity and Access Management (IAM) is a web service that enables you to securely control access to AWS resources. With IAM, you can manage permissions to determine which resources users and applications can access, ensuring that only authorized individuals perform specific actions.

Core Components of AWS IAM:

1. Users: Entities representing individuals or applications, each with unique credentials (access keys, passwords, MFA devices) for interacting with AWS.
   - Users can be grouped.
2. Groups: Collections of users that simplify permission management; assigning a policy to a group grants the same permissions to all its members.
   - Groups can contain User’s but NOT GROUPS
3. Policies: JSON documents that define permissions, specifying allowed or denied actions on AWS resources; policies can be attached to users, groups, or roles.

JSON Document consists of :

Version
ID: Identifier of policy
Statement :
- Sid: Identifier of statement
- Effect: Allow/Deny
- Principal: Account/user/role to which policy applied to
- Action: List of action
- Resource: List of Resources to which actions applied to
- Condition (Optional): Conditions for which this policy is in effect.

4. Roles: Identities with specific permissions not associated with a single user; roles provide temporary access to AWS resources and can be assumed by users, applications, or services.

AWS provides multiple methods for accessing and managing your resources:

1. Management Console: Password + MFA
2. Command Line Interface (CLI)
3. Software Development Kits (SDKs)

Security Tools :

For Account => IAM Credentials Report:

• Provides a comprehensive list of all users in the AWS account.
• Includes details about their credentials, such as passwords, access keys, and their status (active or inactive).

For User => IAM Access Advisor:

• Displays the services a user has permissions for.
• Tracks the last time each service was accessed, helping to identify unused permissions for cleanup or adjustment.

Best Practices for AWS IAM:

• Enforce Least Privilege: Grant users and applications only the permissions they need to perform their tasks. Regularly review and refine permissions to ensure adherence to this principle.
• Enable Multi-Factor Authentication (MFA): Add an extra layer of security by requiring MFA for users, especially those with privileged access.
• Use IAM Roles Instead of Root Account: Avoid using the root account for daily tasks. Instead, create IAM users or roles with the necessary permissions.
• Regularly Rotate Credentials: Implement a routine to rotate access keys and passwords to reduce the risk of unauthorized access.
• Monitor IAM Activity: Utilize AWS CloudTrail to log and monitor all IAM activities, helping you detect and respond to suspicious behavior promptly.

If you found this guide helpful then do click on 👏 the button.

Follow for more Learning like this 😊

Let’s connect! Find me on LinkedIn.

If there’s a specific topic you’re curious about, feel free to drop a personal note or comment. I’m here to help you explore whatever interests you!

Thanks for spending your valuable time learning to enhance your knowledge!