
What is AWS IAM?

AWS Identity and Access Management (IAM) is the AWS service for controlling who can do what on which AWS resources. With IAM you create and manage users, groups, and roles, and attach permission policies to them that state which API actions they may call and on which resources. By default a new IAM identity can do nothing; every permission has to be granted explicitly, which is what makes least privilege practical.

IAM provides several key features, including:

  • User and Group Management: IAM lets you create users and groups and attach permission policies to them. Putting users into groups by job function and attaching policies to the group, rather than to each user, keeps permissions consistent and easy to review.

  • Role-Based Access Control: IAM roles carry a set of permissions but no long-lived credentials. A role is assumed by an AWS service (for example an EC2 instance or a Lambda function), by a user, or by another account, and the caller receives short-lived temporary credentials. This is the preferred way to grant access for automation and cross-account work, because there is no static secret to leak.

  • Centralized Control: IAM gives you one place to manage identities and permissions for an AWS account, covering every service in that account. Managing many accounts centrally is done with AWS Organizations and IAM Identity Center on top of IAM.

  • Multi-Factor Authentication (MFA): IAM supports MFA for the root user and for IAM users, so a stolen password alone is not enough to sign in. Enable it on the root user first.

  • Audit Trail: every IAM call and every call made with IAM credentials (root user, IAM users, and assumed roles) is recorded by AWS CloudTrail. IAM itself adds credential reports and "last accessed" data so you can find unused keys and unused permissions and remove them.

Example

Let us say you want to create an access key and secret access key for a user so that a script can read and write objects in one S3 bucket. You can follow the steps below. Keep in mind that an access key is a long-lived credential: if the script runs on EC2, Lambda, or another AWS service, an IAM role attached to that service is the safer option, because its credentials are temporary and rotate automatically.

  • Open the AWS Management Console and navigate to the IAM console.
  • In the left navigation pane, select "Users". Here you can create a new user if needed. Do not attach any permissions yet; the user starts with none.
  • Select the IAM user for whom you want to create the access key and secret access key.
  • In the "Security credentials" tab, locate the "Access keys" section and click "Create access key".
  • Copy the access key ID and the secret access key. The secret access key is displayed only once, so store it in a secure location (a secrets manager or the CLI credentials file, never in source code or a repository).
  • On their own, these credentials grant nothing: a call signed with them can do exactly what the user's policies allow, and a new user has no policies. To let the key work with S3, and only S3, attach a policy to the user that names the bucket explicitly.
  • In the left navigation pane, select "Policies" and click "Create policy".
  • Choose the "JSON" tab to write your policy in JSON format.
  • Enter the following policy statement to grant the necessary permissions on the bucket (replace example-bucket with your bucket name):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": "arn:aws:s3:::example-bucket"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::example-bucket/*"
        }
    ]
}

This policy allows the user to list the contents of example-bucket, read the bucket's region, and get, put, and delete objects in it. The two statements are needed because S3 scopes its actions differently: bucket-level actions such as s3:ListBucket apply to the bucket ARN, while object-level actions apply to the objects, so the resource must be the bucket ARN followed by /*. Nothing in this policy allows any other bucket or any other service, and there is no s3:DeleteBucket, so the key cannot be used to remove the bucket itself. The remaining steps attach the policy through the console.

  • Click "Next" (or "Review policy" in the older console), give the policy a descriptive name, and click "Create policy".
  • Attach the policy to the IAM user: select the user, open the "Permissions" tab, click "Add permissions", choose "Attach policies directly", and select the policy you just created. Afterwards, check the user's permissions once more to confirm that this is the only policy attached.
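The procedure above relies on one fact that is worth checking rather than trusting: an access key inherits exactly the permissions of the IAM user it belongs to, no more. The following Python script is an added example, not code from the original page or from AWS. It builds the same S3 policy for any bucket name and runs a simplified version of IAM's evaluation logic over it (explicit Deny wins, otherwise anything not explicitly allowed is denied, with IAM's * and ? wildcards), so you can confirm offline which action/resource pairs the policy grants before creating it in the console or with aws iam create-policy. The helper names (s3_bucket_policy, is_allowed, overly_broad_statements) and the sample ARNs are assumptions made for this example. It covers only Action and Resource matching; it does not model Conditions, NotAction, resource policies, permission boundaries, or SCPs, so treat it as a lint, not as the IAM policy simulator.

```python
import fnmatch
import json

# Added example, not AWS code: the least-privilege S3 policy from the page,
# parameterised by bucket name so it can be reused for other buckets.
def s3_bucket_policy(bucket: str) -> dict:
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
                "Resource": f"arn:aws:s3:::{bucket}",
            },
            {
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
                "Resource": f"arn:aws:s3:::{bucket}/*",
            },
        ],
    }


def _as_list(value):
    # IAM accepts a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]


def _matches(pattern: str, value: str) -> bool:
    # IAM wildcards: '*' matches any run of characters (including '/'),
    # '?' matches one character. fnmatch also treats [...] as a character
    # class, so escape '[' to keep ARNs literal.
    return fnmatch.fnmatchcase(value, pattern.replace("[", "[[]"))


def is_allowed(policy: dict, action: str, resource: str) -> bool:
    """Simplified identity-policy evaluation (assumption: Action/Resource only).

    An explicit Deny on a matching statement wins over any Allow, and a request
    that no statement allows is denied, which is IAM's default.
    Action names are case-insensitive in IAM; resource ARNs are not.
    """
    allowed = False
    for stmt in policy["Statement"]:
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        resources = _as_list(stmt.get("Resource", []))
        if not any(_matches(a, action.lower()) for a in actions):
            continue
        if not any(_matches(r, resource) for r in resources):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def overly_broad_statements(policy: dict) -> list:
    """Flag Allow statements that grant every action or apply to every resource."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt["Effect"] != "Allow":
            continue
        if any(a == "*" for a in _as_list(stmt.get("Action", []))):
            findings.append((i, "Action: *"))
        if any(r == "*" for r in _as_list(stmt.get("Resource", []))):
            findings.append((i, "Resource: *"))
    return findings


if __name__ == "__main__":
    policy = s3_bucket_policy("example-bucket")
    print(json.dumps(policy, indent=2))  # paste this into the console's JSON tab
    # Constructed sample requests: what the key can and cannot do with this policy.
    requests = [
        ("s3:GetObject", "arn:aws:s3:::example-bucket/reports/q1.csv"),
        ("s3:ListBucket", "arn:aws:s3:::example-bucket"),
        ("s3:GetObject", "arn:aws:s3:::other-bucket/reports/q1.csv"),
        ("s3:DeleteBucket", "arn:aws:s3:::example-bucket"),
        ("ec2:DescribeInstances", "*"),
    ]
    for action, resource in requests:
        print(f"{action:24} {resource:50} {'ALLOW' if is_allowed(policy, action, resource) else 'DENY'}")
    print("broad statements:", overly_broad_statements(policy))
```

Running the script prints the policy document and an ALLOW/DENY line per sample request; only the two requests against example-bucket are allowed. The overly_broad_statements check is the one to run on any policy before attaching it to a user whose access key will live outside AWS: a single "Action": "*" with "Resource": "*" turns that key into full account access.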
