The AWS Management Console requires the username and password so that the service can determine if you have permission to access resources. However, we would recommend you to avoid accessing Amazon Web Services using the information and credentials of your root AWS account. Instead, we recommend you to use your AWS Identity and Access to create the IAM user and add these user to an IAM group with administrative permissions.
In this way, administrative permissions are granted to the IAM user. You can then log into the AWS Management Console using credentials for the IAM user.
What Is IAM?
IAM i.e. Identity and Access Management is a specialized web service that help in securing the controlling access to AWS resources. You can also use the IAM to control the authentication as well as authorization to use resources.
Features and Keywords Used in IAM
List of features in AWS IAM.
1. Shared access to your AWS account: – With AWS IAM, we can easily grant other people permission to use the resources from your AWS account without a need to share the access key or password.
2. Grant Permission: – We can grant different permissions to different people for different resources, like S3, EC2, Dynamo DB, Redshift.
3. Multi Factor Authentication (MFA): – We can also add 2 step authentication to our account as well as for individual users for the extra security. With the help of MFA, users or you must not provide the password or access key to work with your account, but a code also formed out of a specially configured device.
4. Free to Use: – IAM as well as AWS STS (AWS Security Token Service) are the features of the AWS account being offered at no additional cost changes. You will be charged only when you wish to access other AWS services while using the AWS STS or IAM users’ temporary security credentials.
Different Services provided by AWS:
1. Amazon Aurora- High Performance Managed Relational Database.
2. Amazon RDS- Managed relational database service for PostgreSQL, MYSQL, Oracle, MariaDB and SQL server.
3. Amazon DynamoDB– Managed NoSQL database.
4. Amazon ElastiCache- In-memory caching system.
5. Amazon RedShift- Fast, simple, cost effective Data Warehousing.
6. Amazon Neptune- Fully managed graph database service.
7. AWS database Migration service- Migrate Databases with little downtime.
Creating an IAM User in Your AWS Account
We can create one or more IAM users in your AWS account. The three ways we can create IAM user in AWS as per our need.
1. Creating IAM Users (Console).
2. Creating IAM Users (AWS CLI).
3. Creating IAM Users (AWS API).
Creating IAM Users (Console)
We can use the AWS Management Console to create IAM users.
Steps create one or more IAM users (console)
1. Sign in to the AWS Management Console. Open the IAM console at (https://console.aws.amazon.com/iam/)
2. From the Menu choose Users and then choose to Add user.
3. Type the user name for the new user. At a time, you can add up to 10 users (user names must be unique within an account)
4. Select the type of access for this set of users. You can select either programmatic access, or access to the AWS Management Console, or both.
5. Password Type: Auto-generated password, Custom password.
6. Choose Permissions.
7. On the Set permissions page, state how you want to assign permissions to the set of new users. Choose one of the following three options
- Add user to group.
- Copy permissions from existing user.
- Attach existing policies to user directly.
Managing AWS IAM users and their logins: You can create IAM users, assign individual security credentials to them including passwords, access keys and and multi-factor authentication devices. You can also request temporary security credentials in order to give users the access to AWS services and resources. You can manage permissions to control what operations each user can perform. IAM users can be:
- Administrators with full privileges who must log in to the console to manage AWS resources.
- End users needing access to the AWS content.
- Systems in need of some particular privileges in ordere to programmatically access data in AWS.
Generic use cases related to the creation of IAM users
One of the best security practices is not using the root account, because it may provide access to all resources and services. Users must have only the necessary privileges, that is, the minimum privilege.
In a group there are users with different permissions. When IAM users are used, assigning policies to individual users becomes very easy. You assign permissions to those users who need access to specific related services and resources.
- An IAM user have access to the AWS command line interface.
- An IAM user is allowed to use a role.
The article guides you on how to create an IAM user in your AWS account, what type of privileges can be assigned to the users, and dos and don’ts regarding the AWS IAM user and the permissions.
Stay tuned for more such articles.