Exploring AWS !!
Day 30:
IAM (Identity and Access Management)
IAM is an AWS service that helps in managing access to AWS resources. It helps in creating users and controlling their access, limiting access to a defined set of people. IAM also helps in managing users, groups, permissions, policies, roles and access keys.
Benefits:
Set permissions and have fine-grained access control
Manage workload and workforce identities
Use temporary credentials to access resources as required
Least privilege policy for users
IAM identities can be classified as:
Users
Roles
Groups
Root User: Created by default; it is the owner of the account.
IAM User: We can create these users for specific purposes and provide specific permissions as required to control the account, keeping in mind that least privilege should be granted.
IAM Groups: A group of IAM users; a user can belong to multiple groups. Using groups, permissions can be handled efficiently.
IAM Roles: As we cannot directly assign policies to the resources in Amazon, we have roles. They can be assumed by anybody who acquires them, be it a user or a resource.
IAM Policies: Policies manage access in AWS when attached to identities or roles. When a user makes a request to AWS, AWS checks these policies to decide whether to permit it or not.
Features:
Free of Cost
Centralized control
Grant permissions
MFA (Multi Factor Authentication)