Code my World

AWS 101: I.A.M. Service every DevOps Novice should know

AWS 101: I.A.M. Service every DevOps Novice should know

Getting Started with I.A.M, Users, Groups and Permissions

Aditya Dhopade's photo
Aditya Dhopade
·

6 min read

Table of contents

A.W.S does this seems familiar ? I am sure you must have purchased an item via Amazon or at least visited it once so the term A.W.S. in the recent times is booming in the market and there are several reasons for it. If you are just started with the DevOps I recommend you to have a look on the below links (Just to know what should be going through).

DevOps Terminology Introduction

Foundational Linux

YAML Fundamentals

Proxy Servers Fundamentals

Introduction to Cloud Providers

The worldwide cloud market is dominated by four cloud service providers: Alibaba in China and Asia-Pacific, and AWS, Microsoft, and Google in other countries.

Smaller cloud services providers are primarily utilised in scenarios that require tailored support for legacy services, or have particular location requirements that the cloud giants cannot fulfil. Overall, the cloud market leaders provide an extensive range of solutions for different use cases by fulfilling the needs of high performance, availability, security and support.

If you are just getting started with the Cloud then the Amazon Web Service (A.W.S.) is a great place to start from as AWS has a great community support and the documentation has greater depths but can be understood easily.

cloud_providers.png

What is AWS ?

A subsidiary of Amazon and founded in 2006, AWS is a leader amongst cloud service providers. It is one of the first cloud computing platforms that became widely available. As you can see from the above graph the AWS is still the market leader in the Cloud Providers Industry.

AWS Services

AWS has over 300+ cloud services for a broad range of use cases and industries. The top Amazon most used services are:

Amazon EC2 (compute cloud),

Amazon RDS (relational database),

Amazon S3 (cloud storage),

Amazon CloudFront (content delivery service)

Amazon Glacier (web storage service).

IAM Introduction

For the first time AWS Users whenever you first try to login it is from the Root User but as you know Root user has all the power to edit update revoke the access to any user and as you know *"with great power comes ..."* you know the rest :'(

responsibility.png

In-order to provide t the limited access for all the users, groups there is a service in the AWS known as I.A.M i.e. [Identity and Access Management.]

NOTE: It is always advised to make a new user and we should not work with the root users.

Bookish Definition: AWS Identity and Access Management (IAM), you can specify who or what can access services and resources in AWS, centrally manage fine-grained permissions, and analyze access to refine permissions across AWS.

iam.png

Some important things that you should know about the Groups and Users:

  1. Users they are your company fellows and they can be used to form a group.

  2. The individual user can belong to more than one group and so the access for all that group will also get passed to the users.

  3. Single user can get the policies of different groups and also can get the policies of the root as well.

  4. User should only have the access of which they need they should not have the access to the things that they didn't need to care about.

Now let us gets our hands dirty and try to work on the concepts that we have looked on above.

How to make a user in IAM ?

Note: Its is assumed that user has a root account on the AWS console. (If not get started with it its free.)

AWS Signup for Console Link

Steps to follow

  • Login via root user.

  • Search and access IAM service

  • In Side Nav select the Users from the Access Management Expander.

  • Click on Add Users --> Fill user name (Recommended to add only one user at a time)

image.png

  • Select the AWS Access Type as --> Password - AWS Management Console access Select the Custom password --> Fill in the field

image.png

  • Unchecked the Require Password Reset while next login --> hit next

  • Add User to group appears --> If we want to add it to a group we can do it now or can also add them later. (For now I will not do that but from the screenshot below you could see that there are certain groups which I had previously created)

image.png

  • Select the "Create user without a permissions boundary" in the Set permission boundary--> Move next page Adding a Tags is optional but can be added to remember it further

image.png

  • Now we got onto review page and we can see what are the propeties which we have setted for that particular user --> Hit on Create User (It would give us warning in the console but for now just move on)

image.png

  • If all steps are correctly followed then it would show us the Succes dialog message and user is successfully created.

NOTE: Download the CSV file and make sure to keep it safe incase of any backup or discrepancy.

  • Checkout the user dashboard you would see the user created

image.png

image.png

How to add the Permissions to the User ?

Steps to follow

  • Click on the user --> Permissions Tab --> Hit on Add Permissions

image.png

  • Click on the "Attach existing policies directly" --> for demo purpose search and add "IAMFullAccess"

image.png

  • It would show us the summary of the permissions added.

image.png

  • On the console you could see that the newly added permissions are added onto the user.

image.png

How to add User to certain group ?

Steps to follow

  • Click on user Groups from Side Navigation --> Click on Button Create Group

image.png

  • Name the group and from the below add the users to the group

image.png

  • Below the above options we can attach the permissions policies

image.png

  • In the User groups the newly added group will be shown

image.png

IAM Policies

A policy is an object in AWS that, when associated with an identity or resource, defines their permissions. AWS evaluates these policies when an IAM principal (user or role) makes a request.

The Users and the Groups the policies can be assigned via the ### JSON doc (They have the builders inside the AWS which helps us to write these policies).

image.png

Now if we move onto some of the ### Advance Policies then we can segregate tem into parts like

image.png

  • Version:

It represents the policy language versions

  • Statement:

    • It represents statement for one or more individuals
    • Sid : It represents the identifier of the statement
    • Effect: It allows or denies the access to the policies.
    • Principal: It defines the account/role/user to which the Policy is applied to condense the following it gives us the source of impact.
    • Action: It defines us the kind of policies we want to allow or deny to users
    • Resource: It is a resource to which the action is applied.

"AWS" : [ "arn:aws:iam::12345566798:root" ]

iam - represents the service which we are using 
12345566798 - represents the id of the user
root - by whom the access is given in this case root (Permission can also be given by the groups)

Phew that's quite a Hands-On ! (Worth It !)

I hope this article has received well with all of you guys. It will definitely help you to get on and get started with the AWS Journey and I will definitely try to keep posting often and make sure that you enjoy while learning the things and getting it done.

Till then Stay tuned for the next one. I hope you are having a good day !

Every Feedback is appreciated it will help me to get better and deliver you guys a great content.

Did you find this article valuable?

Support Aditya Dhopade by becoming a sponsor. Any amount is appreciated!

AWSIAM,MFA,Access key ID,Secret access keyAWS Cloud PractitionerDevopsCloud