Identity and Access Management (IAM) overview

Indentity and access management

IAM (Identity & Access Management) enables us to control all of our AWS resources at a very granular level. We can provide permissions for a particular person or group to access only the resources that we want them to access and only to carry out certain commands on those resources. To do this, we use access policies.

There are a number of benefits to using IAM. Firstly, we have centralized control of all our resources and those individuals that have access to the resources.  This enables you to manage all your users, their permissions and their security credentials in a single place.

IAM also gives you the ability to only grant access from specified networks (for API requests or console login). This would enable you to only provision access to those individuals sitting within your company offices – further enhancing security.

You can also set up temporary user access when needed – we can integrate with Microsoft Active Directory so that we can grant temporary permissions to users.

IAM also gives you the ability to enforce a password policy for your users & also enables you to set out MFA requirements. MFA is Multi Factor Authentication, which is used to enhance security as it requires a password and a randomly generated pass code.

IAM does have some pre built templates:

  • Admin – access to all resources & user and group management
  • Power user – access to all resources
  • Read only – read only access (could be limited to just one specific AWS services)

Groups assign permissions to more than one user at a time. This is useful when you have 100 developers and need them all to have the same permissions.

Best practice is not to use root account (the one you signed up for AWS with) – you should rather create a new account and enable MFA on both your root and new account.

API keys should never be stored or passed to an EC2 instance – IAM roles should be used instead as they provide a way for an EC2 instance to assume certain permissions.

Image used under creative commons

This article was brought to you by Netshock. Netshock aim to provide technology guides and insight to our readers

Tagged under: