What is AWS Identity and Access Management (IAM)
Amazon IAM(Identity and Access Management) is a centralized user management system or service, which provides centralized control over the AWS resources. IAM allows the customers to manage users, groups, and policies for specific resources such as EC2 instances, S3 buckets, and other AWS resources. Amazon IAM service allows you to define permission and who is authentication to use AWS resources within your AWS account. IAM provides you secure access to your AWS resources.
Users: IAM Users is used to allowing people or applications access to your AWS account and AWS resources. You can create the IAM user with the help of the three methods given below:
1. Creating IAM Users with the help Console
2. Creating IAM Users with the help of AWS CLI
3. Creating IAM Users with the help of AWS API
Roles: Create Roles to grant AWS services and external identities access to your AWS account. IAM Roles are created for AWS services such as Amazon EC2, Amazon VPC, Amazon IoT(Internet of Things), Amazon S3 and Amazon RDS, etc. and then the policies can be attached with AWS role for specific services.
Customer Managed Policies: Customer Managed Policies are used to define permission for IAM users, groups, and roles.
Groups: IAM Groups are used to manage access for multiple IAM users. You can attach up to 10 policies in one group.
Identity Providers: Identity Providers can be created to define trusted external identities.
Amazon Identity and Access Management come with the following features:
Shared Access: You don’t need to share your password and access key with other people in order to access your AWS account. Simply, create another user with required permissions to limited resources of your AWS account like EC2 instances, S3 buckets, Amazon RDS and other AWS resources.
Permissions: You can give different permissions to different users regarding your AWS resources or services. For example, if someone wants to do S3 integration then you can grant the permission to that specific user with full access to Amazon S3 bucket.
Multi-Factor Authentication: AWS Multi-Factor Authentication is used for privileged accounts and it includes options for hardware-based authenticators. MFA is an advanced security feature for login to Amazon Web Services account. It is an extra layer of protection which can be used for individual users of AWS account. You can activate this feature from your AWS account. After configuring MFA device, the user needs to get the authentication response from their AWS MFA device. After that, they will be able to login into the AWS account. MFA feature helps the customers to control access to AWS service APIs.
STS: The AWS STS(Security Token Service) is a web service that lets you demand temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for federated users.
IAM Accessing: You can access the Amazon IAM user with the help of the following:
1. AWS Management Console
2. AWS Command Line Tools
3. IAM HTTPS API
4. AWS SDKs
Amazon IAM Pricing:
There are no additional charges for Identity and Access Management service. Even AWS Security Token Service is also free of cost. You are charged only when you access other AWS services (such as Amazon S3 and other AWS services) using your IAM users or AWS STS temporary security credentials.