AWS Identity & Access Management – Best Practices

Security is a critical concern for any organization. This blog focuses on IAM, the account security service provided by AWS. IAM stands for Identity and Access Management and is used for controlling access to AWS services and resources. There are no additional charges for using IAM.

For people new to IAM, the basic concepts are:

User: A user is similar to a login user in operating systems such as Microsoft Windows. A user can log in to the AWS console using their username and password. In the AWS world, a user can be an individual, a system or an application requiring access to AWS resources and services.

Groups: A group is a collection of users. Instead of assigning similar permissions to multiple users individually, a group can be created with a set of permissions and users can be added to it. The benefit of creating groups is that it simplifies the tasks of managing a large number of users and their permissions.

Role: A role is a set of permissions required to make AWS service requests. A role cannot be directly assigned to a user or group; instead, it can be assumed by a user, an application or an AWS service such as EC2 to make service requests. While a user has assumed a role, their existing permissions no longer apply, and they can perform only the actions specified in the permissions associated with that role.

Policy: A policy is a JSON document that specifies the actions that are allowed or denied for various AWS services. A policy can be attached to a user, a group or an IAM role. AWS also provides an IAM policy generator and sample policies, which can help in getting started with IAM policies.

IAM can be used for:

We, at CloudThat, adhere to the following IAM best practices:

Here is what our password policy looks like:

[Image: Policy]

You can also use the credential report, which is available from the IAM console, to see the status of the credentials of all the users in your account. This can help you come up with a rotation policy for passwords and access keys.
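
One way to turn a downloaded credential report into a rotation worklist, as an added example (not CloudThat's own code): it parses the report CSV and lists enabled passwords and access keys that have not changed within a rotation window. The 90-day window, the sample rows and the function names are assumptions; the column names follow the credential report CSV.

```python
import csv
import io
from datetime import datetime, timezone

MAX_AGE_DAYS = 90  # assumed rotation window; the post does not state one

# Constructed sample using a subset of the credential report's CSV columns.
SAMPLE_REPORT = """\
user,password_enabled,password_last_changed,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,not_supported,not_supported,false,N/A,false,N/A
alice,true,2024-01-10T09:00:00+00:00,true,2023-06-01T12:00:00+00:00,false,N/A
bob,true,2024-05-20T08:30:00+00:00,true,2024-05-25T10:00:00+00:00,true,2023-11-02T07:15:00+00:00
ci-deploy,false,N/A,true,2024-06-01T00:00:00+00:00,false,N/A
"""


def age_days(value, now):
    """Age in whole days of an ISO-8601 timestamp; None for N/A-style values."""
    try:
        return (now - datetime.fromisoformat(value)).days
    except ValueError:
        return None  # e.g. "N/A" or "not_supported"


def stale_credentials(report_csv, now=None, max_age_days=MAX_AGE_DAYS):
    """Return (user, credential, age_days) for enabled credentials past the window."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        checks = [("password", row["password_enabled"], row["password_last_changed"])]
        for n in (1, 2):
            key = f"access_key_{n}"
            checks.append((key, row[f"{key}_active"], row[f"{key}_last_rotated"]))
        for name, enabled, changed in checks:
            if enabled != "true":
                continue  # disabled or unsupported credentials need no rotation
            age = age_days(changed, now)
            if age is not None and age > max_age_days:
                findings.append((row["user"], name, age))
    return findings


if __name__ == "__main__":
    for user, cred, age in stale_credentials(SAMPLE_REPORT):
        print(f"{user}: {cred} last changed {age} days ago")
```
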

Hope this blog gave you an idea as to how you can use IAM and adhere to the best practices in order to keep your account secure. Please feel free to post questions, comments and suggestions below. 🙂

WRITTEN BY CloudThat

Comments

  1. Karthik

    Sep 18, 2015

    Very useful..!! Thank you 🙂
