Skip to content
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions

Simplified Learning Blog

Learning made easy

  • Java
    • Core Java Tutorial
    • Java 8
    • What is Rest API in java
    • Spring Framework
    • Type Casting in Java | 2 types Implicit and explicit casting
    • Spring Boot Tutorial
      • Spring Boot Rest API Example complete guide
    • Top 50 Java Interview Questions
    • JUnit 5 Tutorial
      • Assertall in JUnit 5
      • Assertions in JUnit 5
    • Java Thread Tutorials
      • How to create thread in Java
      • Multithreading in java
      • Daemon Thread in Java | How to create daemon thread in java
      • Top 40+ Multithreading interview questions
  • AWS
    • What is AWS (Amazon Web Services)
    • AWS IAM (Identity and Access Management)
    • AWS SNS | What is SNS
    • What is SQS | AWS SQS (Simple Queue Service)
    • What is AWS Lambda
    • Top 10 AWS Lambda interview questions
  • Java Codes
  • Software Architecture
    • Software Architecture Performance
    • Performance Principles of Software Architecture
    • System Performance Objective
  • Spring Boot Tutorial
  • Tools
    • JSON Formatter and Validator
  • Tech Blogs
    • Java 21 New Features
    • Is Java Dead? Is java dead, 2023 ?
    • New Features in Java 17
  • Toggle search form

AWS IAM (Identity and Access Management)

Posted on February 8, 2023February 27, 2024 By Admin No Comments on AWS IAM (Identity and Access Management)

AWS IAM:

AWS IAM (Identity and Access Management): It helps you to control the access to AWS resources securely. It is the set of policies that ensures the right users have the permissions to access AWS resources.

Table of Contents

Toggle
  • AWS IAM:
  • AWS IAM Users and Groups:
  • IAM Policy Structure:
  • AWS IAM BEST PRACTICES
  • Key Features of AWS IAM at a Glance
    • Q. What is AWS IAM used for?
    • Can AWS IAM be used to manage access to resources outside of AWS?
    • Can IAM be used to control access to individual files or objects within a resource?
    • Is AWS IAM free?

With AWS IAM, you can specify who or what can access resources and services on Amazon.

AWS IAM
AWS IAM

Basically, AWS IAM sets out who can access what resources on AWS.

IAM is one central place from where you can manage all the permissions and control the access to AWS cloud platform.

AWS IAM Users and Groups:

On AWS Root account, created by default, shouldn’t be used or shared. Users are people in any organization and can be grouped. We can create user groups like developers, Operations, etc.

Groups only contain users, not other groups. Some users don’t have to belong to a group, users can be a part of multiple groups.

Users and groups can be assigned JSON documents called policies. e.g.

{
  "Version": "2023-02-04",
  "Statement": [
    {
      "Sid": "Firstt",
      "Effect": "Allow",
      "Action": ["iam:ChangePassword"],
      "Resource": "*"
    },
    {
      "Sid": "Second",
      "Effect": "Allow",
      "Action": "s3:ListAllMyBuckets",
      "Resource": "*"
    },
    {
      "Sid": "Third",
      "Effect": "Allow",
      "Action": [
        "s3:List*",
        "s3:Get*"
      ],
      "Resource": [
        "arn:aws:s3:::confidential-data",
        "arn:aws:s3:::confidential-data/*"
      ],
      "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
    }
  ]
}

These policies define permissions of the user. In AWS, you apply the least privilege principle, i.e. Don’t give a user more permission than a user needs. Just create only required permission and assign it to that user.

IAM Policy Structure:

Effect: Allow or Deny

Action: what kind of action is allowed or denied.

Resource: Target resource written using ARN (Amazon Resource Name).

Condition: Target entity of policy (IAM user, group or role).

AWS IAM BEST PRACTICES

  • Lock the access keys of root user and do not use it unnecessarily.
  • Use IAM groups to assign permissions to IAM users.
  • Always set least privilege to users and groups.
  • Instead of creating new policies use the existing provide by AWS.
  • Use a customer management policy, not an inline policies.
  • Use access levels to manage IAM permissions.
  • Set strong password policy for your users.
  • Enable MFA (Multi Factor Authentication).
  • Use IAM roles for application running on EC2 instances.
  • Don’s share the access keys with others.
  • Change or updates authentication information on regular basis.
  • Always monitor the activity of your AWS account.
  • Use IAM access analyzer to generate least-access policies

IAM is used for user management in AWS. By Default, account is root account. IAM policies are applied to IAM users and roles to give them permissions to use AWS resources.

Key Features of AWS IAM at a Glance

  1. User Management
    IAM allows you to easily create and manage users, assign them unique access credentials (including access keys and secret access keys ) for AWS resources, as well as specify which actions these users can perform on those resources.
  2. Group Management
    IAM allows you to easily create and manage groups, assign policies that determine what actions members of these groups can perform on AWS resources, as well as maintain group membership without impacting individual user accounts.
  3. Role Management
    IAM allows you to define and administer roles, which specify permissions for specific job functions. These roles may be assumed by users, applications or AWS services in order to gain access to AWS resources.
  4. Policy Management
    IAM allows you to easily create and administer policies, which outline permissions for users, groups, and roles. Policies can then be attached to individual users so you can control what actions they can perform on AWS resources.

Q. What is AWS IAM used for?

AWS IAM is used to manage and control the resources securly

Can AWS IAM be used to manage access to resources outside of AWS?

No. AWS IAM can only be used to manage access to AWS resources.

Can IAM be used to control access to individual files or objects within a resource?

No. IAM can only be used to manage access for entire AWS resources such as an S3 bucket or an EC2 instance.

Is AWS IAM free?

AWS IAM is available as a free service.

Next Topic : AWS LAMBDA

Checkout Our Git More

Related

AWS

Post navigation

Previous Post: What is SQS | AWS SQS (Simple Queue Service)
Next Post: JUnit 5 Tutorial

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • PDF to JSON Convertor
  • System Performance Objective
  • Performance Principles of Software Architecture
  • Calculate date of birth from age in jquery
  • How to convert excel to PDF using java

Recent Comments

No comments to show.

Copyright © 2025 Simplified Learning Blog.

Powered by PressBook WordPress theme