Identity and Access Management (IAM) is the security service offered by Amazon’s cloud service provider platform. It is an important concept of AWS as it is used to access and manage data securely on the cloud using its components. The IAM service validates the user how much access he has and to what extent/resources he can use.

Let’s start with AWS IAM’s working, components, and features.

What is AWS IAM?

IAM in Amazon web services is the permission system that regulates access to AWS cloud resources and the Administrator can set who can access and how much. It allows the root user to assign broad or specific permissions to groups of users of an individual. Broad permissions include providing access to an entire AWS service whereas specific permission could include providing access to a particular S3 bucket:

Features of IAM

Some of the important features are mentioned below:

Free of Cost: Regardless of how many users, policies, and groups have been created in the IAM service, it costs nothing as the AWS platform offers it free of cost.

Enhanced Security: IAM service is specifically designed to enhance the security on the cloud, and it is done by attaching policies to the users or group providing them access to the AWS resources.

Credential Management: Each IAM user has its security credentials attached to it in the form of “Access” and “Security” keys. The access key is the public key, whereas the Security key is private, and these are available only once at the end of user creation. If the user loses these credentials, they have to create new credentials making previous credentials “Inactive” from the platform.

MFA: AWS offers the user to enable Multi-Factor Authentication, which will ask for the password of the root user and another password from the MFA application at the time of signing in:

Components of IAM

Some of the main components of IAM are mentioned below:

IAM Users: These are individual users consuming AWS services, and they can be assigned their credentials.

IAM Groups: These are collections of users with a common set of authentications.

IAM Policies: These are the most important components of IAM as they allow the low-level permissions to allow or deny access to AWS resources.

IAM Roles: Roles are the collection of policies for example the user can create a role with access to Database Read and write permissions:

Working with AWS IAM

To use the IAM service, head into the AWS dashboard search for the service, and click on it:

On the IAM dashboard, expand the “Access Management” tab and click on the “Users” page:

Click on the “Add users” button from the page:

Type the name of the user and click on the “Next” button:

Select the “Attach policies directly” option from the permission options section:

Scroll down the page to select policies attached to the user:

Click on the “Next” button from the bottom of the page:

Review the user configurations and click on the “Create user” button:

IAM user has been created. Simply head into the “Security credentials” section:

Locate the “Access keys” section and click on the “Create access key” button:

Select the purpose to create the security credentials for IAM users:

Tick the check box for the policy acknowledgment statement and click on the “Next” button:

On this page, click on the “Create access key” button:

The security credentials have been displayed. Save them for later use by downloading the CSV file offered by the platform:

You have successfully created an IAM user and also created security credentials for that user.

Conclusion

Identity and Access Management (IAM) service is offered by the AWS platform to make cloud usage more secure. It allows the user to create users and attach access policies to grant him access to either the complete AWS service or just an instance of the AWS service. It provides the security credentials to access AWS services from outside the platform.