Joshua Cruz

A Beginner's Guide to AWS IAM

January 12, 2020

Introduction

Identity and Access Management (IAM) is solely about defining and managing the roles and access privileges of individual network users, and the circumstances in which users are granted or denied those privileges.

On a fundamental level, IAM encompasses the following:

AWS Identity and Access Management (IAM) makes managing access to AWS services and resources easy. AWS IAM gives you the ability to create and manage AWS users and groups, and to use permissions to allow or deny access to AWS resources, free of charge.

Note: Before continuing, ensure that you have an AWS account created at aws.amazon.com.

AWS IAM

After you have created your AWS account and successfully logged in, head to AWS IAM by clicking Services -> Security, Identity, & Compliance -> IAM. Your screen should now look like the one below.

AWS IAM security status

This page gives you an overview of your IAM resources. Because this is just a beginner's guide, we will only be touching on Users, Groups, and Roles. Below the resource section, the Security Status indicates areas where best practices should be enforced.

Security Status Checklist

Delete your root access keys

When you first create your account, by default you don’t have a root access key created. This is good because we don’t want unrestricted access to our AWS resources. Following security best practices, you shouldn’t use your root (elevated) account as your daily account; instead, create an admin account that has administrative privileges. Because we don’t have a root access key, AWS has given us a checkmark.

Activate MFA on your root account

For this next step, we will need a Multi-Factor Authentication (MFA) app; the Google Authenticator app is the most common:

Now it’s time to activate MFA on our root account (the account we are currently logged into) to ensure that it’s secure.

Create individual IAM users

In this next step, we are going to create users. Here we can start assigning specific groups, roles, and policies so that each user only has the permissions needed to access the required resources.

Use groups to assign permissions

By creating groups, we can assign permissions to users in a way that helps us manage them and, most importantly, audit those permissions.

Apply an IAM password policy

Passwords are the first and most important aspect of keeping your account secure. Enforcing security best practices for passwords ensures that user accounts are much harder to hack.

Security Status Complete

We are now finally done with the security status checklist.
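
The same five checklist items can be re-checked later from API data instead of the console. The script below is an added example, not part of the original post: the function names and sample values are constructed for illustration, and the live fetch assumes boto3 is installed with credentials that can read IAM account settings.

```python
"""Re-check the five IAM Security Status items from API data (added example)."""

def security_status(summary, password_policy):
    """Map each checklist item to True (passing) or False.

    summary: the SummaryMap dict returned by IAM GetAccountSummary.
    password_policy: the PasswordPolicy dict from GetAccountPasswordPolicy,
                     or None when the account has no policy set.
    A missing key counts as a failure, so incomplete data never passes.
    """
    return {
        "Delete your root access keys": summary.get("AccountAccessKeysPresent") == 0,
        "Activate MFA on your root account": summary.get("AccountMFAEnabled") == 1,
        "Create individual IAM users": summary.get("Users", 0) > 0,
        "Use groups to assign permissions": summary.get("Groups", 0) > 0,
        "Apply an IAM password policy": password_policy is not None,
    }

def failing_items(summary, password_policy):
    """Return the checklist items that still need attention, in checklist order."""
    status = security_status(summary, password_policy)
    return [item for item, ok in status.items() if not ok]

def fetch_live():
    """Pull both inputs from a real account (needs boto3 and IAM read access)."""
    import boto3  # imported here so the offline demo below runs without it
    iam = boto3.client("iam")
    summary = iam.get_account_summary()["SummaryMap"]
    try:
        policy = iam.get_account_password_policy()["PasswordPolicy"]
    except iam.exceptions.NoSuchEntityException:
        policy = None  # no password policy has been applied yet
    return summary, policy

# Constructed sample data: a brand-new account before working through the checklist.
NEW_ACCOUNT = {"AccountAccessKeysPresent": 0, "AccountMFAEnabled": 0,
               "Users": 0, "Groups": 0}
# Constructed sample data: the same account after following the steps above.
DONE_ACCOUNT = {"AccountAccessKeysPresent": 0, "AccountMFAEnabled": 1,
                "Users": 1, "Groups": 1}
DONE_POLICY = {"MinimumPasswordLength": 14, "RequireSymbols": True}  # constructed

if __name__ == "__main__":
    samples = {"new": (NEW_ACCOUNT, None), "done": (DONE_ACCOUNT, DONE_POLICY)}
    for name, (summary, policy) in samples.items():
        print(name, "->", failing_items(summary, policy) or "all five items pass")
```

To run it against a real account, call `failing_items(*fetch_live())`.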

Congratulations, you have provisioned AWS IAM on your account. You now have enough knowledge to experiment with AWS IAM to get a better understanding of it. There is definitely a lot you can now do, for example:

Conclusion

Again, this is a very basic introduction to AWS IAM. I wanted to provide a general base of how to create a user, group, role, and policy to enable you to further experiment with AWS IAM.