What is IAM inside AWS Cloud? - Basics all covered


Brief about AWS Cloud:

AWS (Amazon Web Services) is a leading cloud computing platform that offers a wide range of scalable and reliable cloud services. With AWS, businesses and individuals can access on-demand computing power, storage, and other resources, eliminating the need for upfront infrastructure investment. AWS provides a vast array of services, including virtual servers, databases, machine learning, content delivery, and IoT solutions, enabling organizations to innovate and scale quickly. It boasts a global infrastructure that ensures high availability and low latency. AWS also offers a rich ecosystem of tools and services, empowering users to build, deploy, and manage their applications efficiently in the cloud.

As a DevOps fresher, AWS is a natural first cloud platform to start with.

IAM:

IAM is the abbreviation of Identity and Access Management. It is the service where authentication and authorization for the entire AWS account are managed. In a typical organization, this is where your cloud journey starts.

Authentication and Authorization:

First of all, let us understand what authentication and authorization are. Authentication is the process of validating the identity of a user; authorization, on the other hand, is the set of permissions that an already-authenticated user is allowed to exercise.

Consider this example to understand it a bit more clearly. Suppose there is an organization 'A' where each employee must have their biometrics verified before they can enter the office. That means every employee needs to be authenticated before they can enter the office.

On the other hand, what will the employee do in the office? Will he clean the floor? Access any computer and play a game? Or, check the finances of the company?

Now the authenticated employee needs to be assigned a specific set of tasks. The organization assigns the employee specific permissions defining what he can access and do within the organization. This is authorization.

Entities of IAM:

In AWS (Amazon Web Services), users are the basic identities within an AWS account. When you first start using AWS, the initial step is to create a user. Users are associated with unique credentials, such as a username and password, which are used to access AWS resources and services.

Policies and Permissions are crucial aspects of managing user access within AWS. After creating a user, you need to specify the actions they can perform by assigning them a set of policies. Policies define the permissions and authorizations for users or roles. These policies can be AWS-managed policies, which are predefined by AWS, or custom policies that you create based on your specific requirements.

Managing access for individual users can become cumbersome, especially in larger organizations with multiple departments and varying access requirements. This is where groups come into play. Groups in AWS allow you to group users with similar access requirements. For example, if you have different departments in your organization, each requiring access to specific areas of AWS, you can create groups and assign the appropriate policies to those groups. This way, when a new user joins or an existing user leaves, you simply add or remove them from the relevant group, saving time and effort for DevOps engineers.

Roles in AWS are similar to users in that they are also IAM identities. However, roles are used to grant access to applications or services rather than to individual people. For instance, consider a scenario where you have an EC2 (Elastic Compute Cloud) instance that needs to write data to an S3 (Simple Storage Service) bucket. By default, the EC2 instance has no access to the S3 bucket. In this case, you create a role, attach the necessary policies to it, and let the EC2 instance assume the role so that it can write data to the bucket. Because a role hands out temporary credentials instead of long-lived access keys, it improves both security and flexibility in AWS environments.

In summary, users are the foundational identities in an AWS account. Policies and Permissions are used to specify the actions and authorizations for users or roles. Groups help manage access by grouping users with similar requirements together, simplifying the process of assigning and modifying policies. Roles, on the other hand, are used to grant access to applications or services, enabling them to perform specific actions within an AWS environment.
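To make the policy, group and role ideas above concrete, here is an added example (written for this article, not code from the original author or from AWS) for the EC2-writes-to-S3 scenario. It contains the two documents a role actually needs, a trust policy saying who may assume it and a permissions policy saying what it may then do, plus a guardrail Deny policy of the kind an administrator would attach to a group. A small `is_allowed` function then simulates the core of IAM's evaluation order: an explicit Deny always wins, an explicit Allow is needed for access, and anything else is an implicit deny. The bucket name and policy statement ids are constructed placeholders, and the simulator deliberately ignores Condition blocks, resource policies, service control policies and permission boundaries, which the real IAM engine also consults.

```python
"""Added example: least-privilege role for an EC2 instance writing to one S3 bucket,
and a simplified simulator of IAM's Deny > Allow > implicit-deny evaluation order.
Bucket name is a constructed placeholder; nothing here talks to AWS."""
import json
from fnmatch import fnmatchcase

BUCKET = "example-app-uploads"  # constructed placeholder, not a real bucket

# Trust policy: WHO may assume the role. Only the EC2 service principal may.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}

# Permissions policy: WHAT the role may do once assumed. Only PutObject into one bucket.
WRITE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "WriteUploadsOnly",
        "Effect": "Allow",
        "Action": ["s3:PutObject"],
        "Resource": [f"arn:aws:s3:::{BUCKET}/*"],
    }],
}

# Guardrail an admin might attach to a group: deletion is never allowed,
# even if some other attached policy is broad enough to permit it.
DENY_DELETE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "NoDeletion",
        "Effect": "Deny",
        "Action": ["s3:DeleteBucket", "s3:DeleteObject"],
        "Resource": ["*"],
    }],
}


def _as_list(value):
    """IAM allows Action/Resource to be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, candidate):
    """IAM uses '*' and '?' wildcards in Action and Resource; fnmatch covers that
    (simplification: matching is case-sensitive here)."""
    return any(fnmatchcase(candidate, p) for p in _as_list(patterns))


def is_allowed(policies, action, resource):
    """Simplified identity-based evaluation over a list of policy documents:
    any matching Deny -> False; else any matching Allow -> True; else implicit deny."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            # Trust policies have no Resource; treat a missing one as '*' so they do not crash.
            if not (_matches(stmt["Action"], action)
                    and _matches(stmt.get("Resource", "*"), resource)):
                continue
            if stmt["Effect"] == "Deny":
                return False  # explicit deny cannot be overridden by any Allow
            allowed = True
    return allowed


def render(policy):
    """Serialise a policy document the way you would paste it into the IAM console or CLI."""
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    obj = f"arn:aws:s3:::{BUCKET}/report.csv"
    print(render(TRUST_POLICY))
    print(render(WRITE_POLICY))
    print("PutObject    ->", is_allowed([WRITE_POLICY], "s3:PutObject", obj))
    print("GetObject    ->", is_allowed([WRITE_POLICY], "s3:GetObject", obj))
    print("DeleteObject ->", is_allowed([WRITE_POLICY, DENY_DELETE_POLICY], "s3:DeleteObject", obj))
```

Run it directly to print both policy documents and the three decisions. The interesting case is the last one: attaching an `s3:*` Allow to the role would not help, because the group-level Deny still wins, which is exactly why broad Deny guardrails on groups pair well with narrow Allow policies on roles.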

Special thanks to Abhishek Veeramalla for his YouTube videos.

You can also get more in-depth knowledge on this from the AWS IAM documentation. I am also sharing a video from Be A Better Dev which I found helpful in learning about IAM.

Disclaimer: Everything in this article has been written by me to help the cloud community grow and help others understand the core concepts.