January 12, 2020
Identity and Access Management (IAM) is solely about defining and managing the roles and access privileges of individual network users, and the circumstances in which users are granted or denied those privileges.
On a fundamental level, IAM encompasses the following:
AWS Identity and Access Management (IAM) makes managing access to AWS services and resources easy. AWS IAM gives you the ability to create and manage AWS users and groups, and to use permissions to allow or deny access to AWS resources, free of charge.
Note: Before continuing on, ensure that you have an AWS account created at aws.amazon.com.
After you have created your AWS account and successfully logged into AWS, head to AWS IAM by clicking Services -> Security, Identity, & Compliance -> IAM. Your screen should now look like the one below.
This page gives you an overview of your IAM resources. Because this is just a beginner's guide, we will only be touching on Users, Groups, and Roles. Below the resource section, the Security Status indicates areas where best practices should be enforced.
When you first create your account, by default you don’t have a root access key created. This is good because we don’t want unrestricted access to our AWS resources. Following security best practices, you shouldn’t be using your root (elevated) account as your daily account; an admin account that has administrative privileges should be created instead. So, because we don’t have a root access key, AWS has given us a checkmark.
For this next step, we will need a Multi-Factor Authentication (MFA) app; the Google Authenticator app is the most common:
Now it’s time to activate MFA on our root account (the account we are currently logged into) to ensure that it’s secure.
In this next step, we are going to create users. From here we can start assigning specific groups, roles, and policies to ensure that users only have the permissions they need to access the required resources.
By creating groups, we can assign permissions to users in a way that helps us manage them and, most importantly, audit permissions.
Passwords are first and foremost the most important aspect of keeping your account secure. Enforcing security best practices for passwords ensures that user accounts are much harder to hack.
We are now finally done with the security status checklist.
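The five Security Status items covered above can also be checked from account data rather than by eye. The following is an added example, not part of the original post; it assumes input shaped like the JSON printed by `aws iam get-account-summary` and `aws iam get-account-password-policy`, and the sample values and the `MIN_LENGTH` threshold are constructed for illustration.

```python
import json

# Constructed sample data, shaped like the JSON printed by
# `aws iam get-account-summary` and `aws iam get-account-password-policy`.
SAMPLE_SUMMARY = json.loads("""{"SummaryMap": {
    "AccountAccessKeysPresent": 0, "AccountMFAEnabled": 1,
    "Users": 2, "Groups": 0}}""")
SAMPLE_POLICY = json.loads("""{"PasswordPolicy": {
    "MinimumPasswordLength": 8, "RequireSymbols": false,
    "RequireNumbers": true, "RequireUppercaseCharacters": true,
    "RequireLowercaseCharacters": true}}""")

MIN_LENGTH = 14  # assumed threshold for this example, not from the page


def policy_weaknesses(policy):
    """Return the weak settings in a password policy (None = no policy)."""
    if policy is None:
        return ["no password policy set"]
    p = policy.get("PasswordPolicy", {})
    weak = []
    if p.get("MinimumPasswordLength", 0) < MIN_LENGTH:
        weak.append("MinimumPasswordLength")
    for flag in ("RequireSymbols", "RequireNumbers",
                 "RequireUppercaseCharacters", "RequireLowercaseCharacters"):
        if not p.get(flag, False):
            weak.append(flag)
    return weak


def security_status(summary, policy):
    """Map each Security Status item to True (passed) or False."""
    s = summary.get("SummaryMap", {})
    # Missing keys fail closed: unknown is treated as not compliant.
    return {
        "No root access keys": s.get("AccountAccessKeysPresent", 1) == 0,
        "MFA on root account": s.get("AccountMFAEnabled", 0) == 1,
        "Individual IAM users": s.get("Users", 0) > 0,
        # Only shows that groups exist, not that every user is in one.
        "Groups for permissions": s.get("Groups", 0) > 0,
        "Password policy applied": policy is not None,
    }


if __name__ == "__main__":
    for item, ok in security_status(SAMPLE_SUMMARY, SAMPLE_POLICY).items():
        print(f"[{'x' if ok else ' '}] {item}")
    print("Weak policy settings:", policy_weaknesses(SAMPLE_POLICY))
```

With the constructed sample, four items pass, the groups item fails, and the policy is flagged for its length and missing symbol requirement.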
Congratulations, you have provisioned AWS IAM on your account. You now have enough knowledge to experiment with AWS IAM to get a better understanding of it. There is definitely a lot you can now do, for example:
Again, this is a very basic introduction to AWS IAM. I wanted to provide a general base of how to create a user, group, role, and policy to enable you to further experiment with AWS IAM.