AWS IAM (Identity & Access Management)
IAM provides the access-control mechanism for AWS resources, for example when S3 buckets communicate with each other. It checks the authentication privileges of users and uses a role-based privilege system. Every user has different rights on AWS, and IAM provides the mechanism to control them.
IAM Groups
IAM uses a grouping mechanism: it groups users so that each group is granted only the minimum rights it needs. For example, consider a “Developer” group. IAM Groups provide developers with only the rights they need, such as write, read and push.
You can think of Amazon IAM as a command center.
AWS Credential Types
There are several different AWS credential types:
- Username & password
- MFA (Multi-Factor Auth)
- User access keys (such as SSH keys)
- Amazon EC2 key pairs
Amazon EC2 Key Pairs
EC2 key pairs are needed to access Amazon Elastic Compute Cloud (EC2) machines; they provide authentication for SSH/RDP access to EC2 instances. EC2 key pairs are not safe for daily/routine use. For daily/routine access, EC2 instances should be part of an Active Directory structure.
How Does Amazon IAM Work?
Amazon IAM works in 4 steps:
- Making the request: the IAM process starts with a principal, that is a person or an application. The authorized principal sends a request to an AWS resource.
- Sending details: IAM sends the details of the request to AWS, such as the requester's IP address, the action and the role. IAM then checks whether the requester has the rights to access the requested resource.
- Authorization: based on this comparison, if the requester has the rights to access the requested resource, IAM grants the permission.
- Process: the request is processed.
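The four-step flow above and the least-privilege "Developer" group from the IAM Groups section, as an added Python example that is not code from the original article: a simplified policy evaluator that compares the request details (action, resource, source IP) against a constructed group policy, applying IAM's ordering of explicit deny first, then allow, then implicit deny. The bucket name, the CIDR range and the policy itself are assumptions for illustration.

```python
import fnmatch
import ipaddress

# Constructed least-privilege policy for the article's "Developer" group.
# Bucket name and source CIDR are assumptions, not values from the article.
DEVELOPER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # Developers may read and write objects in one bucket only,
            # and only when the request's source IP is on the internal range.
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": "arn:aws:s3:::example-dev-bucket/*",
            "Condition": {"IpAddress": {"aws:SourceIp": "10.0.0.0/8"}},
        },
        {   # An explicit Deny always wins over any matching Allow.
            "Effect": "Deny",
            "Action": "s3:DeleteObject",
            "Resource": "arn:aws:s3:::example-dev-bucket/*",
        },
    ],
}

def _matches(pattern, value):
    # Action/Resource fields may be a string or a list, with * and ? wildcards.
    patterns = pattern if isinstance(pattern, list) else [pattern]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)

def _condition_ok(statement, request):
    # Only the aws:SourceIp condition key is modelled here (simplification).
    cidrs = statement.get("Condition", {}).get("IpAddress", {}).get("aws:SourceIp")
    if cidrs is None:
        return True
    cidrs = cidrs if isinstance(cidrs, list) else [cidrs]
    addr = ipaddress.ip_address(request["source_ip"])
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

def evaluate(policy, request):
    """Step 3: compare the request details with the policy statements.
    Returns 'ExplicitDeny', 'Allow' or 'ImplicitDeny' (the default)."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if (_matches(stmt["Action"], request["action"])
                and _matches(stmt["Resource"], request["resource"])
                and _condition_ok(stmt, request)):
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"   # no later Allow can override this
            decision = "Allow"
    return decision
```

A request from outside the allowed range falls through to the implicit deny even though no statement names it, which is the behaviour to expect when a condition key is added to an Allow statement.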
How Can I Use IAM?
IAM can be used in different scenarios. You can use IAM through:
- API
- Command line interface
- SDKs
- Console