What is AWS IAM? How to create IAM User?

Introduction

  • IN AWS There are Two types of Users One is the AWS Root User and the other user is AWS Identity and Access Management User (IAM).
  • AWS Account creation starts with one Identity that has complete access to all AWS services ( More than 200 services) Which is called AWS Root user, we can sign in as a root user with an Email id and password which is used while creating an account and for IAM user created by the Root user or IAM Administrator

    Root User

  • The Root user has complete access to all AWS services
  • For the Creation of Accounts only we require a Root user, Instead, create a user and Access the AWS Services
  • The root user has a complete set of permissions and should not be given to others Instead of using Root, it's always advisable to create IAM User

What are IAM Services?

  • IAM User
  • IAM Groups
  • IAM Policies
  • IAM Roles

Detailed Explanation about IAM

I: Identity → Authorization

A: Access → Authentication

M: Management → Management

Identity

Identity is of Two Types 1) IAM User 2) IAM Role

IAM User

  • In an organization, we have to allot IAM users to the employee
  • The organization won't provide Root user Credentials to employees, Instead, it creates - IAM User
  • IAM User permits users to give external access to the AWS console

IAM Role

  • IAM Role is also one type of identity
  • IAM Role is Temporary access to the Service of AWS where Access key and Secret key are temporary and changes with time
  • IAM Role is which permits Internal Access, which provides access and action upon all the services of AWS with required permissions

    IAM Policies

  • IAM Policy comes under Access Management
  • IAM Policies are of two types they are 1) AWS Managed Policies
  • These policies are Managed by AWS and we can say these are Predefined policies
  • For Example : a) Administrator Full Access b) S3 Full permission c) Read-only Access 2) Customer-managed Policies Fine grain permissions are managed by the customers and they write their own policies

    Format for writing IAM Policy?

  • AWS Policy Exists in JSON Format
  • It Includes :
    {
      "Version": "2012-10-17",
      "Statement": [
          {
              "Action": "ec2:*",
              "Resource": "*",
              "Effect": "Allow",
              "Condition": {
                  "StringEquals": {
                      "ec2:Region": "us-east-2"
                  }
              }
          }
      ]
    }
    
  • The Policy includes Version, Statement, Effect, Action, Resources in common
  • The version number is when this policy came into exist
  • The effect should be " Allow " or "Deny "
  • In Actions, if it is * then you are giving Full Administrator Access

    IAM Group

  • Adding Policy to all users is tough, We cant attach a single policy to a single user
  • So We can place each team in one group and we can attach One policy to Each Group

    How Can we Access AWS?

    We can access AWS by using 4 Ways

  • 1.Console
  • 2.CLI
  • 3.Programmatic Access
  • 4.HTTP/API

How To create IAM User?

1) Log in to Aws Console and select region

2) Select the IAM service

3) Select Users

4) Add Users

5) Select Access type

  • programmatic Access
  • AWS Management Console Access

6) I Selected AWS Management Console Access

7) In Console password Select Autogenerated Password

8) In Require Password reset select User Must Create a New Password at Next sign in

9) Click on Next

10) Click on Attach Existing policies

  • By Default AWS is providing 665 Policies

11) Click on Tags

12)Click on Review

13)Click on Create User

14) You can download the CSV file , where you can get user name and password and link to Access

15 ) Now login as IAM User

16)provide 12 digit account number which is given in csv file

17)Give IAM user and Password

18)Click on sign-in

20)Now it prompts for Password Change

21)Now IAM user is Created and we logged in

Did you find this article valuable?

Support Cloudnloud Tech Community by becoming a sponsor. Any amount is appreciated!