What’s IAM?
AWS Identity and Access Management (IAM) is the service used to manage users and their permission levels, for staff or third parties who need access, and to control access to AWS resources securely. We use it to control who is authenticated to the AWS account and who is authorized (has permission). Think of it as the security center of an AWS account: it defines who can do what with AWS resources.
How is it secure?
When we talk about IAM, think of it as the front door to the cloud. If you want to access anything in AWS, any resource or service, IAM provides the access key for it, and we can configure the level of permission used to access it. Keep in mind: always grant least-privilege access.
IAM’s Components:
If you need to interact with AWS resources through the AWS API, IAM requires two things:
- Authentication: implemented in terms of principals.
- Authorization: implemented in terms of policies, written as JSON documents.
An IAM policy describes a request in three parts; they represent somebody who wants to do something with something, and each part is defined by an access element.
- Principal is the user, role or AWS service that wants to interact with AWS resources.
- Action defines what the principal wants to do, such as “GetObject” on S3. It is the operation.
- Resource is the target of the operation.
This is an example of the policy access elements:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "iam:GetContextKeysForCustomPolicy",
        "iam:GetContextKeysForPrincipalPolicy",
        "iam:SimulateCustomPolicy",
        "iam:SimulatePrincipalPolicy"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
- Principal: all AWS resources.
- Action: any of the operations listed in the array above.
- Resource: IAM.
This policy means: all resources in AWS can call GetContextKeysForCustomPolicy, GetContextKeysForPrincipalPolicy, SimulateCustomPolicy and SimulatePrincipalPolicy on the IAM service.
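As an added example (not code from the original post), here is a small Python evaluator that applies the IAM decision rules to the three request parts above: every request starts as an implicit deny, an Allow statement whose Action and Resource both match grants it, and an explicit Deny wins over any Allow. It runs the policy from the post, in which "*" is the Resource element (it matches any ARN) and, as in every identity-based policy, there is no Principal element because the principal is whichever user or role the policy is attached to. Beside it sits a constructed least-privilege policy for an S3 reader; the bucket name, the account id, the ARNs and the sample requests are assumptions made for this example.

```python
import fnmatch
import json

# Policy copied from the post above: four IAM policy-simulator actions on any resource.
POST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "iam:GetContextKeysForCustomPolicy",
        "iam:GetContextKeysForPrincipalPolicy",
        "iam:SimulateCustomPolicy",
        "iam:SimulatePrincipalPolicy"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
""")

# Constructed least-privilege counterpart (assumed bucket name, not from the post):
# read-only on one bucket, with an explicit Deny that keeps the secrets/ prefix
# off limits even though the Allow statement would otherwise cover it.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-reports-bucket/*",
        },
        {
            "Effect": "Deny",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::example-reports-bucket/secrets/*",
        },
    ],
}


def _as_list(value):
    """Action and Resource may be a single string or a list in IAM JSON."""
    return [value] if isinstance(value, str) else list(value)


def _action_matches(patterns, action):
    """Action names are matched case-insensitively; '*' and '?' are wildcards."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def _resource_matches(patterns, arn):
    """Resource ARNs are matched case-sensitively with the same wildcards."""
    return any(fnmatch.fnmatchcase(arn, p) for p in patterns)


def evaluate(policy, action, resource):
    """Decide one request: 'Allow', 'ExplicitDeny' or 'ImplicitDeny'.

    Mirrors the core IAM rule: default deny, a matching Allow grants,
    a matching Deny overrides every Allow.
    """
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if not _action_matches(_as_list(stmt["Action"]), action):
            continue
        if not _resource_matches(_as_list(stmt["Resource"]), resource):
            continue
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny"
        decision = "Allow"
    return decision


def allowed_subset(policy, actions, resource):
    """Least-privilege check: which of the actions a workload uses are permitted?"""
    return sorted(a for a in actions if evaluate(policy, a, resource) == "Allow")


if __name__ == "__main__":
    # Constructed sample requests: (policy label, policy, action, resource ARN).
    samples = [
        ("post", POST_POLICY, "iam:SimulateCustomPolicy", "arn:aws:iam::123456789012:user/alice"),
        ("post", POST_POLICY, "s3:GetObject", "arn:aws:s3:::example-reports-bucket/q1.csv"),
        ("scoped", SCOPED_POLICY, "s3:GetObject", "arn:aws:s3:::example-reports-bucket/q1.csv"),
        ("scoped", SCOPED_POLICY, "s3:GetObject", "arn:aws:s3:::example-reports-bucket/secrets/key.pem"),
        ("scoped", SCOPED_POLICY, "s3:PutObject", "arn:aws:s3:::example-reports-bucket/q1.csv"),
    ]
    for label, policy, action, arn in samples:
        print(f"{label:7} {action:26} {arn:55} -> {evaluate(policy, action, arn)}")
```

Running the file prints the decision for each sample request. The evaluator deliberately ignores Condition blocks, resource-based policies, permission boundaries and service control policies, all of which IAM also consults; it is a teaching model of the Allow/Deny core, not a substitute for the IAM policy simulator, which is exactly what the four iam:GetContextKeys* and iam:Simulate* actions in the post's policy grant access to.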
Reference guide & recommended book:
Let’s look at an IAM multi-account strategy in “AWS Identity and Access Management (IAM): IAM Multi account — Part 2”.
❤… Thank you for reading … ❤