AWS IAM Essentials: Policies, Users, and More


IAM Introduction

IAM (Identity and Access Management) is a global service: it is not scoped to a single region.

User: a user represents a person within your organization.

Group: a group contains only users (groups cannot contain other groups). A user can be a member of multiple groups.

IAM permissions: users and groups can be assigned JSON documents called policies. These policies define what the user is permitted to do.

In AWS we apply the least-privilege principle: do not give a user more permissions than they need.

IAM Policies:

A policy consists of a JSON document:

{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": ["iam:Get*", "iam:List*"],
    "Resource": "*"
  }
}

Effect: Whether the statement allows or denies access [ALLOW, DENY]

Principal: the account, user, or role to which this policy applies.

Action: the list of actions the policy allows or denies.

Resource: the list of resources to which the action applies.

Condition: Condition for when this policy is in effect.
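To show how these elements combine at evaluation time, here is an added example (not code from the original post) that models the core IAM decision rule in Python: everything is implicitly denied, a matching Allow grants access, and a matching explicit Deny overrides any Allow. The sample policies, the example ARN and the request context are constructed; the first policy mirrors the read-only policy above, the second adds an explicit Deny conditioned on the real condition key aws:MultiFactorAuthPresent. Only the Effect, Action, Resource and Condition elements (with the StringEquals and Bool operators) are modelled; NotAction, NotResource, Principal matching and the remaining operators are left out.

```python
import fnmatch

# Constructed sample policies (not from the original post). The first mirrors the
# read-only policy shown above; the second is a separate policy that adds an
# explicit Deny conditioned on the real AWS condition key aws:MultiFactorAuthPresent.
READ_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Action": ["iam:Get*", "iam:List*"],
        "Resource": "*",
    },
}

DENY_WITHOUT_MFA_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": "iam:*",
            "Resource": "*",
            "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "false"}},
        }
    ],
}


def _as_list(value):
    """IAM allows most elements to be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    """Case-sensitive wildcard match: '*' matches any run of characters, '?' one."""
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def _condition_holds(condition, context):
    """Evaluate a Condition block against the request context.

    Only StringEquals and Bool are modelled. As in IAM, a condition key that is
    absent from the context makes the test fail (which is why AWS documents the
    ...IfExists operator variants; those are not modelled here).
    """
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            if actual is None:
                return False
            if operator == "StringEquals":
                if actual not in _as_list(expected):
                    return False
            elif operator == "Bool":
                if str(actual).lower() != str(expected).lower():
                    return False
            else:
                raise ValueError(f"unsupported condition operator: {operator}")
    return True


def evaluate(policies, action, resource, context=None):
    """Return 'Allow' or 'Deny' for one request.

    Core IAM rule: implicit deny by default, a matching Allow grants access,
    and a matching explicit Deny overrides every Allow.
    """
    context = context or {}
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not _matches(stmt["Action"], action):
                continue
            if not _matches(stmt["Resource"], resource):
                continue
            if "Condition" in stmt and not _condition_holds(stmt["Condition"], context):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"
            allowed = True
    return "Allow" if allowed else "Deny"


if __name__ == "__main__":
    user_arn = "arn:aws:iam::123456789012:user/alice"  # constructed example ARN
    print(evaluate([READ_ONLY_POLICY], "iam:GetUser", user_arn))
    print(evaluate([READ_ONLY_POLICY], "iam:DeleteUser", user_arn))
    print(evaluate([READ_ONLY_POLICY, DENY_WITHOUT_MFA_POLICY], "iam:GetUser",
                   user_arn, {"aws:MultiFactorAuthPresent": "false"}))
```

The third call illustrates the practical value of a conditioned Deny: even though the read-only policy allows iam:GetUser, the request is refused when the context says MFA was not used. Note that with no aws:MultiFactorAuthPresent key in the context at all, the Bool test fails and the Deny does not apply, which is the behaviour that makes the ...IfExists variants worth knowing.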


IAM MFA (Multi-Factor Authentication)

MFA = password you know + security device you own.

MFA Device Options in AWS Cloud

  1. Virtual MFA device:
     a) Google Authenticator [phone only]
     b) Authy: supports multiple devices.

  2. Universal 2nd Factor (U2F) security key: supports multiple root and IAM users using a single security key.

  3. Hardware key fob MFA device: provided by Gemalto.

  4. Hardware key fob MFA device for AWS GovCloud (US).


AWS Access Key, CLI, and SDK

AWS Management Console [protected by password + MFA].

AWS Command Line Interface (CLI) [protected by access keys].

AWS Software Development Kit (SDK): used from code [protected by access keys].

Access keys are secret, just like a password. Don't share those access keys.

Access key ID: plays the role of the username.

Secret access key: plays the role of the password.

SDK: Software Development Kit, enables you to access and manage AWS services programmatically. It is embedded in your application.
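Because an access key pair is a credential, the practical check that follows from the point above is making sure it never ends up in source files, shared configuration or logs. The following Python is an added example (not code from the original post) that detects access key IDs in text and redacts both the ID and any accompanying secret before the text is shared. The key-ID pattern relies on the documented 20-character format with the AKIA (long-term) or ASIA (temporary) prefix; the sample text is constructed and uses the example credentials AWS publishes in its documentation, not real keys.

```python
import re

# Access key IDs are 20 characters: "AKIA" (long-term) or "ASIA" (temporary, from STS)
# followed by 16 upper-case alphanumerics (assumption: the documented key format).
ACCESS_KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")

# The secret access key has no reliable prefix, so look for the configuration or
# environment key that names it and redact whatever value is assigned.
SECRET_ASSIGNMENT_RE = re.compile(r"(?i)(aws_secret_access_key\s*[=:]\s*)(\S+)")

# Constructed sample: a credentials-file fragment plus a log line, using the
# example key pair from the AWS documentation (not real credentials).
SAMPLE_TEXT = """[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
region = us-east-1
2024-05-01T10:00:00Z INFO request signed with AKIAIOSFODNN7EXAMPLE from 203.0.113.7
"""


def find_access_key_ids(text: str) -> list:
    """Return the unique access key IDs found, in order of first appearance."""
    found = []
    for key_id in ACCESS_KEY_ID_RE.findall(text):
        if key_id not in found:
            found.append(key_id)
    return found


def _mask_key_id(match: "re.Match") -> str:
    # Keep the prefix and last four characters so the key can still be identified
    # in the console without exposing the full ID.
    key_id = match.group(0)
    return key_id[:4] + "*" * 12 + key_id[-4:]


def redact(text: str) -> str:
    """Mask every access key ID and replace any assigned secret access key,
    so the text can be pasted into a ticket or log without leaking credentials."""
    text = ACCESS_KEY_ID_RE.sub(_mask_key_id, text)
    return SECRET_ASSIGNMENT_RE.sub(r"\1<REDACTED>", text)


if __name__ == "__main__":
    print("key IDs found:", find_access_key_ids(SAMPLE_TEXT))
    print(redact(SAMPLE_TEXT))
```

Run as a pre-commit or log-shipping filter, this is the minimal check that turns the "treat keys like passwords" advice into something enforced rather than remembered.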


AWS CLI Setup on Windows

  1. Install with the MSI installer (interactive):
     msiexec.exe /i https://awscli.amazonaws.com/AWSCLIV2.msi

  2. Or install silently, with no prompts (the /qn switch):
     msiexec.exe /i https://awscli.amazonaws.com/AWSCLIV2.msi /qn

Now check the installed version with

aws --version

AWS CloudShell

It is a browser-based shell that makes it easier to securely manage, explore, and interact with your AWS resources.

CloudShell is available only in some regions.

CloudShell supports uploading and downloading files and folders.

In conclusion, AWS IAM is your key to a secure and efficient cloud setup. From user management to policies and multi-factor authentication, we've covered the essentials. Always follow the principle of least privilege.

Ready to elevate your AWS security? Share this guide and stay tuned for more insights. Explore, innovate, and secure your cloud journey with confidence!

Thank you for joining us on this IAM adventure. Until next time!