Amazon Identity and Access Management
IAM roles allow you to delegate access to users or services that normally don't have access to your organization's AWS resources. IAM users or AWS services can assume a role to obtain temporary security credentials that can be used to make AWS API calls. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. With IAM you can create users and groups of users and give them authentication, or request temporary security credentials to give a user access. One account can hold a total of 100 groups, 5000 users and 250 IAM roles. One user can be added to only 10 different groups, and only two access keys can be assigned to a single user.
There are also limits on the number of characters used for names: a user name must be under 64 characters, and a group or policy name must be under 128 characters.
This lab covers the following steps:
- Exploring pre-created users and groups.
- Add IAM policies to the pre-created groups.
- Add user to groups with specific capabilities enabled.
- Update Password.
- Open user sign-in URL for login.
- See the effect of policies applied on user.
To use the IAM service, first click on Services and select IAM from the service list.
Step 1: Create Users
In the IAM console, click on Users on the left-hand side.
Then click on Add user at the top of that page.
After clicking on Add user, there are four steps. In the first step, give a name and select the access type from the checkboxes. If you select the second option, you have to give a password manually, so afterwards there is no need to go and enable a password for this user, because it is already set here when the second option is selected.
After giving a user name and access type, select the group in which you want to put this user. You can add up to 10 policies in a single user.
After completing this step, review the user name and the name of the group, and click on Finish to complete the process.
Step 2: Create Groups
In the IAM console, click on Groups on the left-hand side and then on Create New Group at the top.
Then give the group a name related to its task, for example full access for admins but read-only for normal users, so that it is easy to remember which group is connected with which functions. Using this feature, we can manage users by their roles and be sure which work is allowed and which is not.
Then type a policy name, such as the name of the service for which you want to create this group, and select from the available policies. You can also create a new policy according to your requirements and bind it to this group.
At the end, review everything, such as the name of the group and the policies, and then click on Create Group.
Step 3: Add Users in Group
To add users to a group, first select the group and click on it.
Then click on the Add user tab on the right side. A list of the users available in IAM appears; select those that need to be included in the specific group. After adding users to the group, click on Permissions below to see the details of which policies are applied to this group's users.
Step 4: Set Custom Password for Users
To change a password, click on the user.
The name of the user is then shown at the top. Click on Security credentials and then on Manage password.
After clicking on Manage password, a new popup appears on the screen. Select Custom password and enter a new one that includes some special characters and capital letters.
Step 5: Check applied policy on user
Check a user that is included in a group policy and see the result.
In the given picture the user name is ravi, and he is able to access the S3 bucket with full access, so it is possible to log in with this user and do everything, such as creating folders and editing objects in the bucket.
But there is also another user, named James, who does not have full access; he can only read the content inside the bucket.
So, by using the IAM service in AWS, we can manage all the users in an organization and give them the available policies by creating a group and adding users to that group.
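The difference between ravi and James in Step 5 comes from how IAM evaluates the policies attached to each user's groups. The sketch below is an added example, not part of the original lab: a simplified evaluator for group-attached identity policies only (no conditions, permission boundaries, SCPs or bucket policies), using constructed policy documents and hypothetical group names. It goes beyond the lab's two cases by adding a hypothetical third user, contractor, to show that an explicit deny overrides an allow.

```python
import re

# Constructed, simplified policy documents: they approximate S3 full-access,
# S3 read-only and a delete guard; they are not AWS's managed policy text.
S3_FULL = {"Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
S3_READ_ONLY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}]}
S3_NO_DELETE = {"Statement": [
    {"Effect": "Deny", "Action": "s3:Delete*", "Resource": "*"}]}

# Group names and the user "contractor" are hypothetical; ravi and James are
# the two users from the lab.
GROUP_POLICIES = {"s3-admins": [S3_FULL], "s3-readers": [S3_READ_ONLY],
                  "no-delete": [S3_NO_DELETE]}
USER_GROUPS = {"ravi": ["s3-admins"], "James": ["s3-readers"],
               "contractor": ["s3-admins", "no-delete"]}
BUCKET_OBJECT = "arn:aws:s3:::example-bucket/report.txt"  # constructed ARN


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _glob(pattern, value, flags=0):
    """Match IAM-style wildcards: '*' is any run of characters, '?' is one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, flags) is not None


def evaluate(user, action, resource):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"  # nothing is permitted until a statement allows it
    for group in USER_GROUPS.get(user, []):
        for policy in GROUP_POLICIES.get(group, []):
            for stmt in _as_list(policy["Statement"]):
                # Action names are case-insensitive, resource ARNs are not.
                hit = (any(_glob(a, action, re.IGNORECASE)
                           for a in _as_list(stmt["Action"]))
                       and any(_glob(r, resource)
                               for r in _as_list(stmt["Resource"])))
                if hit and stmt["Effect"] == "Deny":
                    return "ExplicitDeny"  # a matching deny beats every allow
                if hit:
                    decision = "Allow"
    return decision


if __name__ == "__main__":
    for user, action in [("ravi", "s3:PutObject"), ("James", "s3:GetObject"),
                         ("James", "s3:PutObject"), ("contractor", "s3:DeleteObject")]:
        print(user, action, evaluate(user, action, BUCKET_OBJECT))
```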
END OF THIS LAB
By using IAM we are able to create users and groups. After that, we can manage all of them with policies and give them specific permissions; we are also able to create custom policies for a group and assign them to that group.
In AWS there is no additional charge for using IAM to create users and groups; you are charged only for the services used by those users.