AWS Identity and Access Management (IAM)

AWS Identity and Access Management (IAM) lets you securely control access to AWS services and resources for your users. With IAM you can create and manage AWS users and groups, and use permissions to allow or deny their access to AWS resources.

IAM

Create individual users

After creating an AWS account, create a new IAM user and give that user administrative privileges rather than using the root account for everyday work; this is a security measure. If anyone else needs access to the AWS account, create an individual user for them with limited privileges.

Benefits:

  • Unique credentials
  • Individual credential rotation
  • Individual permissions

Steps to create a user:
    1) Access the AWS Management Console.
    2) Click on Identity & Access Management.
    3) Click on Users.
    4) Click on Create New Users, enter the username and click Create.

Manage permissions with groups:

You can use the IAM service to create groups and attach policies to them, for example policies that grant access to Resource Groups and Tag Editor. Every user in a group inherits the group's permissions.

Benefits:

  • Easier to assign the same permissions to multiple users
  • Simpler to re-assign permissions when responsibilities change
  • Only one change is needed to update permissions for multiple users

Steps to manage permissions with groups:
    1) Access the AWS Management Console.
    2) Click on Identity & Access Management.
    3) Click on Groups.
    4) Click on Create New Group, enter the group name and click Next Step.
    5) In the next step, attach the policies that will apply to all members of the group. You can select up to two policies; then click Next Step.
    6) Review the information you entered, then click Create Group.

Grant least privilege:

Give IAM users only the privileges they need to perform their tasks. This limits the damage that a mistake can cause.

Benefits:

  • More granular control
  • Less chance of people making mistakes
  • Easier to relax permissions later than to tighten them up

Steps to grant least privilege:
    1) Access the AWS Management Console.
    2) Click on Identity & Access Management.
    3) Click on Users.
    4) Select the user to whom you want to give least privileges.
    5) Scroll down and click on Attach Policy, then select policies according to the user's requirements. You can select up to two policies; after selecting them, click Attach Policy.
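To make the group and least-privilege sections concrete, here is an added Python example; it is not code from the original page and not AWS's own policy engine. It defines a constructed least-privilege policy for a placeholder bucket, attaches it to constructed groups and users, and applies a simplified version of IAM's evaluation order (an explicit Deny in any statement wins, otherwise any matching Allow grants, otherwise the request is implicitly denied). The bucket name, group names and user names are invented; policy conditions, NotAction/NotResource, permissions boundaries, service control policies and resource-based policies are deliberately left out.

```python
import fnmatch

# Constructed least-privilege policy: read one (placeholder) bucket, never delete.
READ_REPORTS = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ListBucket", "Effect": "Allow",
         "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::example-reports-bucket"},
        {"Sid": "ReadObjects", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:GetObjectVersion"],
         "Resource": "arn:aws:s3:::example-reports-bucket/*"},
        {"Sid": "NeverDelete", "Effect": "Deny",
         "Action": "s3:Delete*",
         "Resource": "*"},
    ],
}

# Same shape as the AWS managed AdministratorAccess policy: allow everything.
ADMIN = {"Version": "2012-10-17",
         "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}

# Constructed directory: policies attached to groups, and users' group memberships.
GROUPS = {"report-readers": [READ_REPORTS], "admins": [ADMIN]}
USERS = {
    "alice": {"groups": ["report-readers"], "policies": []},
    "bob":   {"groups": ["admins", "report-readers"], "policies": []},
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def policies_for(user):
    """Identity-based policies in effect for a user: group policies plus direct ones."""
    record = USERS[user]
    inherited = [p for g in record["groups"] for p in GROUPS[g]]
    return inherited + record["policies"]


def _action_matches(pattern, action):
    # Action names are case-insensitive in IAM; '*' and '?' are wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def _resource_matches(pattern, arn):
    # Resource ARNs are case-sensitive; '*' may span ':' and '/'.
    return fnmatch.fnmatchcase(arn, pattern)


def evaluate(policies, action, resource):
    """Simplified IAM decision for one request: 'Allow' or 'Deny'."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if not any(_action_matches(a, action) for a in _as_list(stmt["Action"])):
                continue
            if not any(_resource_matches(r, resource) for r in _as_list(stmt["Resource"])):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"          # explicit deny always wins
            allowed = True             # remember the allow, keep scanning for denies
    return "Allow" if allowed else "Deny"  # no matching statement: implicit deny


def can(user, action, resource):
    return evaluate(policies_for(user), action, resource) == "Allow"


if __name__ == "__main__":
    obj = "arn:aws:s3:::example-reports-bucket/q1.csv"
    for user in USERS:
        for action in ("s3:GetObject", "s3:PutObject", "s3:DeleteObject", "iam:CreateUser"):
            print(f"{user:6} {action:16} {'allow' if can(user, action, obj) else 'deny'}")
```

Two things worth noticing when running it: alice, who is only in the read-only group, cannot write to the bucket or touch any other bucket because nothing grants it (implicit deny), and bob, despite being an administrator, still cannot delete objects because the explicit Deny in the group policy he also belongs to overrides his Allow-everything policy.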

Configure a password policy:

You can set a password policy for your AWS account to specify complexity requirements and rotation periods for your IAM users' passwords. This helps ensure that your users and your data are protected.

Steps to configure a password policy:
    1) Access the AWS Management Console.
    2) Click on Identity & Access Management.
    3) Click on Account Settings.
    4) Create a password policy according to your requirements, then click Apply password policy.
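The following added Python example shows what the rules set on that page mean in practice; it is not code from the original page and not how AWS enforces the policy internally. The dictionary keys mirror the parameter names of the IAM UpdateAccountPasswordPolicy API (MinimumPasswordLength, RequireSymbols, MaxPasswordAge and so on), while the values, the candidate passwords and the symbol set are assumptions constructed for the demonstration. The checker reports every rule a candidate password breaks, honours the reuse-prevention window against a history of previous password fingerprints, and decides whether a password has passed its maximum age.

```python
import hashlib
from datetime import date, timedelta

# Keys mirror the IAM UpdateAccountPasswordPolicy parameter names;
# the values are a constructed example, not an AWS default.
EXAMPLE_POLICY = {
    "MinimumPasswordLength": 14,
    "RequireUppercaseCharacters": True,
    "RequireLowercaseCharacters": True,
    "RequireNumbers": True,
    "RequireSymbols": True,
    "MaxPasswordAge": 90,           # days until a password must be rotated
    "PasswordReusePrevention": 24,  # previous passwords that may not be reused
}

# Non-alphanumeric characters accepted for the symbols rule.
# Assumption: taken from the console's description of the rule; check current docs.
IAM_SYMBOLS = set("!@#$%^&*()_+-=[]{}|'")


def fingerprint(password):
    """Fingerprint used only for the reuse check in this demo.
    A real system would compare against stored salted password hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def violations(password, policy=EXAMPLE_POLICY, history=()):
    """Return the names of the policy rules a candidate password breaks.
    `history` holds fingerprints of earlier passwords, oldest first.
    An empty list means the password satisfies the policy."""
    failed = []
    if len(password) < policy.get("MinimumPasswordLength", 0):
        failed.append("MinimumPasswordLength")
    if policy.get("RequireUppercaseCharacters") and not any(c.isupper() for c in password):
        failed.append("RequireUppercaseCharacters")
    if policy.get("RequireLowercaseCharacters") and not any(c.islower() for c in password):
        failed.append("RequireLowercaseCharacters")
    if policy.get("RequireNumbers") and not any(c.isdigit() for c in password):
        failed.append("RequireNumbers")
    if policy.get("RequireSymbols") and not any(c in IAM_SYMBOLS for c in password):
        failed.append("RequireSymbols")
    remembered = policy.get("PasswordReusePrevention", 0)
    if remembered and fingerprint(password) in list(history)[-remembered:]:
        failed.append("PasswordReusePrevention")
    return failed


def is_expired(last_changed, today, policy=EXAMPLE_POLICY):
    """True once the password is older than MaxPasswordAge days.
    A missing or zero MaxPasswordAge means passwords never expire."""
    max_age = policy.get("MaxPasswordAge", 0)
    return bool(max_age) and (today - last_changed) > timedelta(days=max_age)


if __name__ == "__main__":
    for candidate in ("short", "Correct-Horse-Battery-9"):
        print(f"{candidate!r}: {violations(candidate) or 'OK'}")
    print("expired after 91 days:", is_expired(date(2024, 1, 1), date(2024, 4, 1)))
```

The reuse check deliberately looks only at the last PasswordReusePrevention entries of the history, so a password that was used long ago becomes acceptable again once it has fallen out of the window, which is exactly the behaviour the setting describes.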

Enable Multi-Factor Authentication:

AWS Multi-Factor Authentication (MFA) is a simple way to protect your account. It adds an extra layer of protection on top of the user name and password. When a user signs in to an AWS account, they are asked for a user name and password as well as an authentication code from their AWS MFA device. Together these factors give increased security for your AWS account settings and resources.

Benefits:

  • Supplements the user name and password by requiring a one-time code during authentication.

Steps to enable Multi-Factor Authentication:
    1) Access the AWS Management Console.
    2) Click on Identity & Access Management.
    3) Click on Users and select the user for whom you want to enable MFA.
    4) Scroll down, click on Manage MFA and follow the steps.

Note: to use a virtual MFA device you will need an authenticator app such as Google Authenticator on your smartphone.
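The authentication code the note refers to is a time-based one-time password (RFC 6238), which is what Google Authenticator and other virtual MFA devices compute from the secret that AWS shows (as a QR code or base32 string) when you set the device up. The following added Python example is not code from the original page or from AWS; it generates and verifies such codes with only the standard library. The key used below is the published RFC 6238 test-vector key, included as a constructed example and not a real MFA seed.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30  # seconds per code, the value virtual MFA devices use


def totp(key, now=None, step=STEP, digits=6):
    """RFC 6238 time-based one-time password using HMAC-SHA1.
    `key` is the raw shared secret; `now` is a Unix timestamp."""
    if now is None:
        now = time.time()
    counter = int(now) // step                      # number of time steps elapsed
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                         # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp_from_base32(secret_b32, now=None):
    """Authenticator apps store the shared secret base32-encoded, often
    shown in groups of four with spaces and without '=' padding."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return totp(base64.b32decode(cleaned), now)


def verify(key, code, now=None, window=1, step=STEP):
    """Accept the code for the current step and `window` steps either side,
    to tolerate clock drift between phone and server. Compare in constant
    time so the check does not leak how many digits matched."""
    if now is None:
        now = time.time()
    return any(
        hmac.compare_digest(totp(key, now + drift * step, step), code)
        for drift in range(-window, window + 1)
    )


# Constructed demo key: the RFC 6238 test-vector secret, not a real seed.
DEMO_KEY = b"12345678901234567890"
DEMO_KEY_B32 = base64.b32encode(DEMO_KEY).decode()

if __name__ == "__main__":
    print("secret as an authenticator app would show it:", DEMO_KEY_B32)
    print("current code:", totp(DEMO_KEY))
    print("code at t=59 (RFC 6238 vector 94287082 truncated to 6 digits):", totp(DEMO_KEY, 59))
```

Because the code is derived from the shared secret and the current time step, the secret shown during "Manage MFA" is the actual credential: anyone who captures it can produce valid codes, which is why it should be treated like a password and why a lost phone should be handled by deactivating that MFA device in IAM rather than just replacing the phone.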
