AWS Security Services

IAM Core Concepts - Users, groups, roles and policies

Authentication in IAM is handled through users, groups and roles, whereas authorization is handled through policies.


Users and Groups

Users and groups control an individual's access to AWS services.

IAM users can be grouped into groups.


[Lab] Using IAM Roles Instead of Configuring Credentials from AWS Command Line in EC2

The Amazon Linux AMI comes with the AWS command line pre-installed, and we will use it for our lab. You may have to install it manually on other AMIs. You can also install the AWS command line on your personal devices, such as Windows or Mac.


Steps

  1. Log in to the AWS console and go to IAM:

    1. Go to Roles (side menu)

[Lab] Configuring Access Key Id and Secret Access Key from AWS Command Line Inside EC2

The Amazon Linux AMI comes with the AWS command line pre-installed, and we will use it for our lab. You may have to install it manually on other AMIs. You can also install the AWS command line on your personal devices, such as Windows or Mac.


[Lab] Setting Up Basic First Time Security Tasks in IAM Dashboard

After going to the IAM page as described in the previous note, you need to complete all items listed under Security Status.


Initial Security Status

Note that Task 1 should have been already completed.


[Lab] Experimenting More with IAM Users, Roles, Groups and Policies

This is the second lab on AWS IAM, in which we run more experiments with users, roles, groups and policies.


Prerequisite:

Important terms to understand before lab: Users, Groups, Roles, and Policies.


Summary of steps:

  1. Go to the AWS console and open the IAM dashboard.

  2. Compare the policy documents (JSON documents) of the two policies Administrator Access and System Administrator and note the differences.
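As an added illustration of step 2 (not part of the original lab), the script below parses two policy documents, collects the (action, resource) pairs each one allows, and reports what only one of them grants; it also flags a policy that grants every action on every resource. The two documents are constructed, shortened stand-ins for the real managed policies, which are much longer.

```python
import json

# Constructed, simplified stand-ins for the two managed policies the lab compares.
# The real SystemAdministrator policy contains many more statements.
ADMINISTRATOR_ACCESS = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
})

SYSTEM_ADMINISTRATOR = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["ec2:Describe*", "ec2:RunInstances",
                    "iam:ListRoles", "s3:ListAllMyBuckets"],
         "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:PassRole",
         "Resource": "arn:aws:iam::*:role/ec2-sysadmin-*"},
    ],
})


def allowed_actions(policy_json):
    """Return the set of (action, resource) pairs granted by Allow statements.

    Statement, Action and Resource may each be a single value or a list in a
    policy document, so all three are normalised to lists before iterating.
    """
    statements = json.loads(policy_json)["Statement"]
    if isinstance(statements, dict):
        statements = [statements]
    pairs = set()
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements are not "grants"; they are ignored here
        actions = stmt.get("Action", [])
        resources = stmt.get("Resource", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = [resources] if isinstance(resources, str) else resources
        pairs.update((a, r) for a in actions for r in resources)
    return pairs


def grants_full_admin(policy_json):
    """True when some Allow statement grants every action on every resource."""
    return ("*", "*") in allowed_actions(policy_json)


def compare_policies(first_json, second_json):
    """Report grants unique to each policy and grants they share."""
    a, b = allowed_actions(first_json), allowed_actions(second_json)
    return {"only_in_first": sorted(a - b),
            "only_in_second": sorted(b - a),
            "common": sorted(a & b)}
```

Running `compare_policies(ADMINISTRATOR_ACCESS, SYSTEM_ADMINISTRATOR)` shows the single `("*", "*")` grant on one side and the scoped grants on the other, which is the difference the lab asks you to find.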

AWS IAM Important Notes (Exam Tips)

This is a highlight of the IAM FAQ and important notes.


Important Notes

  1. You can give your federated users single sign-on (SSO) access to the AWS Management Console using SAML 2.0.


How To Links

  1. How can individual IAM users set up MFA?

AWS IAM Best Practices

This is a highlight of the best practices listed on the AWS website, along with personal experience and other materials:

  1. Lock away your AWS account (root) access keys.

  2. Create individual IAM users. Use the root account only rarely (or never after the initial setup).

  3. Use AWS-defined policies to assign permissions whenever possible.

  4. Use groups to assign permissions to IAM users.

AWS Identity and Access Management (IAM) Overview

AWS Identity and Access Management (IAM) enables you to create and manage AWS users, groups and roles, and to use permissions to allow or deny their access to AWS services and resources. To use IAM, you can use the web-based IAM console, the AWS CLI for command-line access, or the API or SDKs for programmatic access. To start using IAM, you must subscribe to at least one AWS service that is integrated with IAM.