What is AWS IAM? How to create an IAM user?
Introduction
- In AWS there are two types of users: the AWS root user and AWS Identity and Access Management (IAM) users.
- Every AWS account starts with one identity that has complete access to all AWS services (more than 200 of them); this is the AWS root user. You sign in as the root user with the email address and password used when the account was created. IAM users, by contrast, are created by the root user or by an IAM administrator.
Root User
- The root user has complete access to all AWS services.
- The root user is required only for creating the account; for everything else, create an IAM user and access AWS services with it.
- Because the root user holds the complete set of permissions, its credentials should never be given to others. Instead of working as root, it is always advisable to create an IAM user.
What are IAM Services?
- IAM User
- IAM Groups
- IAM Policies
- IAM Roles
Detailed Explanation about IAM
I: Identity → Authorization
A: Access → Authentication
M: Management → Management
Identity
There are two types of identity:
1) IAM User
2) IAM Role
IAM User
- In an organization, each employee is allotted their own IAM user.
- The organization does not hand out root user credentials to employees; instead it creates IAM users.
- An IAM user is the identity through which a person gets external access to the AWS console.
IAM Role
- An IAM role is another type of identity.
- An IAM role grants temporary access to AWS services: the access key and secret key obtained through a role are temporary and change over time.
- An IAM role provides internal access: whatever assumes the role can act on AWS services, limited to the permissions the role has been granted.
IAM Policies
- IAM policies come under Access Management.
- IAM policies are of two types:
1) AWS managed policies
- These policies are managed by AWS; they are predefined policies.
- For example:
a) Administrator full access
b) S3 full permission
c) Read-only access
2) Customer-managed policies
- Fine-grained permissions managed by the customer, who writes their own policies.
Format for writing an IAM policy
- An AWS policy is written in JSON.
- For example:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "ec2:*",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ec2:Region": "us-east-2"
        }
      }
    }
  ]
}
```
- A policy commonly includes Version, Statement, Effect, Action and Resource.
- Version identifies the version of the policy language in use (2012-10-17 in the example).
- Effect must be either "Allow" or "Deny".
- If Action is "*" (together with Resource "*"), the policy grants full administrator access.
- Condition, when present, restricts when the statement applies; in the example the EC2 permissions only apply in the us-east-2 region.
IAM Group
- Attaching policies user by user is tedious: you would have to attach every policy to each individual user.
- Instead, place each team in a group and attach one policy to each group; every user in the group inherits it.
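To make the policy rules above concrete, here is an added simulation (not code from the original post) of how IAM evaluates a request against the identity-based policies a user holds directly and through its groups. It goes slightly beyond the post's single policy: it applies the documented evaluation order (an explicit Deny overrides any Allow, and with no matching Allow the result is an implicit Deny), matches "ec2:*"-style action wildcards, honours the StringEquals condition from the sample policy, and flags the Action "*" on Resource "*" case the post warns about. Every user, group and policy in the block is constructed sample data, not a real AWS resource.

```python
"""Simulate IAM policy evaluation for users that inherit policies from groups.

Added example, not from the original post. Models: explicit Deny wins over
Allow, implicit Deny when nothing matches, action/resource wildcards, and
the StringEquals condition used in the post's sample policy.
"""
import fnmatch
import json

# The post's sample policy: any EC2 action, but only in us-east-2.
EC2_US_EAST_2_ONLY = json.loads("""
{ "Version": "2012-10-17",
  "Statement": [ { "Action": "ec2:*", "Resource": "*", "Effect": "Allow",
                   "Condition": { "StringEquals": { "ec2:Region": "us-east-2" } } } ] }
""")

# Constructed: full S3 access (the shape of an "S3 full permission" managed policy).
S3_FULL = {"Version": "2012-10-17",
           "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

# Constructed: read-only S3 (the shape of a "Read-only access" managed policy).
S3_READ_ONLY = {"Version": "2012-10-17",
                "Statement": [{"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"],
                               "Resource": "*"}]}

# Constructed: a customer-managed guard rail that forbids deleting buckets.
NO_BUCKET_DELETE = {"Version": "2012-10-17",
                    "Statement": [{"Effect": "Deny", "Action": "s3:DeleteBucket",
                                   "Resource": "*"}]}

# Constructed: policies attached to groups, users inherit them (one policy set
# per group, as the post recommends); alice also carries one direct policy.
GROUPS = {"developers": [EC2_US_EAST_2_ONLY, S3_FULL], "auditors": [S3_READ_ONLY]}
USERS = {"alice": {"groups": ["developers"], "policies": [NO_BUCKET_DELETE]},
         "bob": {"groups": ["auditors"], "policies": []}}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_matches(condition, context):
    """Only StringEquals is modelled, which is all the post's sample policy uses."""
    for key, expected in condition.get("StringEquals", {}).items():
        if context.get(key) != expected:  # a missing context key also fails
            return False
    return True


def _statement_matches(stmt, action, resource, context):
    actions = _as_list(stmt.get("Action", []))
    resources = _as_list(stmt.get("Resource", []))
    return (any(fnmatch.fnmatchcase(action, p) for p in actions)
            and any(fnmatch.fnmatchcase(resource, p) for p in resources)
            and _condition_matches(stmt.get("Condition", {}), context))


def effective_policies(user):
    """Policies attached directly to the user plus those of every group it is in."""
    policies = list(USERS[user]["policies"])
    for group in USERS[user]["groups"]:
        policies.extend(GROUPS[group])
    return policies


def is_allowed(user, action, resource="*", context=None):
    """True only if some statement allows the request and none explicitly denies it."""
    context = context or {}
    allowed = False
    for policy in effective_policies(user):
        for stmt in policy["Statement"]:
            if not _statement_matches(stmt, action, resource, context):
                continue
            if stmt["Effect"] == "Deny":
                return False  # explicit Deny wins regardless of any Allow
            allowed = True
    return allowed  # nothing matched: implicit Deny


def grants_full_admin(policy):
    """The post's warning: Allow with Action "*" on Resource "*" and no Condition."""
    return any(stmt["Effect"] == "Allow"
               and "*" in _as_list(stmt.get("Action", []))
               and "*" in _as_list(stmt.get("Resource", []))
               and not stmt.get("Condition")
               for stmt in policy["Statement"])


if __name__ == "__main__":
    print(is_allowed("alice", "ec2:RunInstances", context={"ec2:Region": "us-east-2"}))  # True
    print(is_allowed("alice", "ec2:RunInstances", context={"ec2:Region": "us-east-1"}))  # False
    print(is_allowed("alice", "s3:DeleteBucket"))  # False: direct Deny beats the group's Allow
    print(is_allowed("bob", "s3:PutObject"))       # False: read-only group, implicit Deny
```

The point to take from running it: the group's "s3:*" Allow does not let alice delete a bucket because a single Deny attached anywhere in her effective policy set wins, and bob gets nothing beyond what his group's policy names, which is exactly why attaching one policy per group keeps permissions predictable.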
How Can we Access AWS?
We can access AWS in four ways:
1) Console
2) CLI
3) Programmatic access
4) HTTP/API
How to create an IAM user?
1) Log in to the AWS console and select a region.
2) Select the IAM service.
3) Select Users.
4) Click Add users.
5) Select the access type:
- Programmatic access
- AWS Management Console access
6) I selected AWS Management Console access.
7) Under Console password, select Autogenerated password.
8) Under Require password reset, select "User must create a new password at next sign-in".
9) Click Next.
10) Click Attach existing policies.
- By default AWS provides 665 policies.
11) Click Tags.
12) Click Review.
13) Click Create user.
14) Download the CSV file; it contains the user name, the password and the sign-in link.
15) Now log in as the IAM user.
16) Provide the 12-digit account number given in the CSV file.
17) Enter the IAM user name and password.
18) Click Sign in.
19) You are now prompted to change the password.
20) The IAM user is created and you are logged in.
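The same user creation can be done from the CLI, which is the second access method listed above. The following is an added example, not code from the original post: it assembles the AWS CLI commands that correspond to the console steps (create the user, give it console access with an autogenerated password that must be reset at the next sign-in, attach existing policies, add it to a group) and runs them through subprocess. It assumes the AWS CLI is installed and configured with credentials of an IAM administrator, not the root user; the user name, group name and policy ARN in the `__main__` block are constructed placeholders, and `dry_run=True` prints the commands instead of executing them.

```python
"""CLI equivalent of the console click-through for creating an IAM user.

Added example, not from the original post. Assumes the AWS CLI is installed
and configured; with dry_run=True nothing is sent to AWS.
"""
import secrets
import string
import subprocess


def generate_temp_password(length=20):
    """Autogenerated one-time password (step 7); the user must change it at first sign-in."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*()_+-="
    return "".join(secrets.choice(alphabet) for _ in range(length))


def build_console_user_commands(user_name, temp_password, policy_arns=(), group_name=None):
    """Return the ordered AWS CLI commands that reproduce console steps 4 to 13."""
    commands = [
        # Steps 4 and 13: create the IAM user.
        ["aws", "iam", "create-user", "--user-name", user_name],
        # Steps 6 to 8: console access, with a password that must be reset at next sign-in.
        ["aws", "iam", "create-login-profile", "--user-name", user_name,
         "--password", temp_password, "--password-reset-required"],
    ]
    # Step 10: attach existing (AWS managed or customer-managed) policies directly.
    for arn in policy_arns:
        commands.append(["aws", "iam", "attach-user-policy",
                         "--user-name", user_name, "--policy-arn", arn])
    # Preferred over direct attachment: put the user in a group that carries the policy.
    if group_name:
        commands.append(["aws", "iam", "add-user-to-group",
                         "--user-name", user_name, "--group-name", group_name])
    return commands


def create_console_user(user_name, policy_arns=(), group_name=None, dry_run=True):
    """Print each command (password masked) and execute it unless dry_run is set."""
    password = generate_temp_password()
    commands = build_console_user_commands(user_name, password, policy_arns, group_name)
    for cmd in commands:
        shown = ["<temporary-password>" if arg == password else arg for arg in cmd]
        print("$", " ".join(shown))
        if not dry_run:
            subprocess.run(cmd, check=True)
    return commands


if __name__ == "__main__":
    # Constructed placeholders; the policy ARN is the AWS managed ReadOnlyAccess policy.
    create_console_user("example-dev-user",
                        policy_arns=["arn:aws:iam::aws:policy/ReadOnlyAccess"],
                        group_name="developers", dry_run=True)
```

The temporary password is handed to the user out of band, as the CSV download does in step 14, and `--password-reset-required` is what forces the change prompt seen in step 19.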