Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
18 views4 pages

What Is IAM?

Uploaded by

komal rathod
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
18 views4 pages

What Is IAM?

Uploaded by

komal rathod
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

What is IAM?

o IAM stands for Identity Access Management.


o IAM allows you to manage users and their level of access to the aws console.
o It is used to set users, permissions and roles. It allows you to grant access to
the different parts of the aws platform.
o AWS Identity and Access Management is a web service that enables Amazon
Web Services (AWS) customers to manage users and user permissions in AWS.
o With IAM, Organizations can centrally manage users, security credentials such
as access keys, and permissions that control which AWS resources users can
access.
o Without IAM, Organizations with multiple users must either create multiple
user accounts, each with its own billing and subscriptions to AWS products or
share an account with a single security credential. Without IAM, you also don't
have control about the tasks that the users can do.
o IAM enables the organization to create multiple users, each with its own
security credentials, controlled and billed to a single aws account. IAM allows
the user to do only what they need to do as a part of the user's job.

Features of IAM
o Centralised control of your AWS account: You can control creation,
rotation, and cancellation of each user's security credentials. You can also
control what data in the aws system users can access and how they can
access.
o Shared Access to your AWS account: Users can share the resources for the
collaborative projects.
o Granular permissions: It is used to set a permission that user can use a
particular service but not other services.
o Identity Federation: An Identity Federation means that we can use Facebook,
Active Directory, LinkedIn, etc with IAM. Users can log in to the AWS Console
with same username and password as we log in with the Active Directory,
Facebook, etc.
o Multifactor Authentication: An AWS provides multifactor authentication as
we need to enter the username, password, and security check code to log in
to the AWS Management Console.
o Permissions based on Organizational groups: Users can be restricted to the
AWS access based on their job duties, for example, admin, developer, etc.
o Networking controls: IAM also ensures that the users can access the AWS
resources within the organization's corporate network.
o Provide temporary access for users/devices and services where
necessary: If you are using a mobile app and storing the data in AWS account,
you can do this only when you are using temporary access.
o Integrates with many different aws services: IAM is integrated with many
different aws services.
o Supports PCI DSS Compliance: PCI DSS (Payment Card Industry Data
Security Standard) is a compliance framework. If you are taking credit card
information, then you need to pay for compliance with the framework.
o Eventually Consistent: IAM service is eventually consistent as it achieves high
availability by replicating the data across multiple servers within the Amazon's
data center around the world.
o Free to use: AWS IAM is a feature of AWS account which is offered at no
additional charge. You will be charged only when you access other AWS
services by using IAM user.

IAM Identities
IAM identities are created to provide authentication for people and processes in your
aws account.

IAM identities are categorized as given below:


o IAM Users
o IAM Groups
o IAM Roles

AWS Account Root User


o When you first create an AWS account, you create an account as a root user
identity which is used to sign in to AWS.
o You can sign to the AWS Management Console by entering your email
address and password. The combination of email address and password is
known as root user credentials.
o When you sign in to AWS account as a root user, you have unrestricted access
to all the resources in AWS account.
o The Root user can also access the billing information as well as can change the
password also.

What is a Role?
o A role is a set of permissions that grant access to actions and resources in
AWS. These permissions are attached to the role, not to an IAM User or a
group.
o An IAM User can use a role in the same AWS account or a different account.
o An IAM User is similar to an IAM User; role is also an AWS identity with
permission policies that determine what the identity can and cannot do in
AWS.
o A role is not uniquely associated with a single person; it can be used by
anyone who needs it.
o A role does not have long term security credential, i.e., password or security
key. Instead, if the user uses a role, temporarily security credentials are created
and provided to the user.
o You can use the roles to delegate access to users, applications or services that
generally do not have access to your AWS resources.

Situations in which "IAM Roles" can be used:


o Sometimes you want to grant the users to access the AWS resources in your AWS
account.
o Sometimes you want to grant the users to access the AWS resources in another AWS
account.
o It also allows the mobile app to access the AWS resources, but not want to store the
keys in the app.
o It can be used to grant access to the AWS resources which have identities outside of
AWS.
o It can also be used to grant access to the AWS resources to the third party so that
they can perform an audit on AWS resources.

You might also like