AWS Identity and Access Management
AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. With IAM, you can centrally manage the permissions that control which AWS resources users can access. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources. When you create an AWS account, you begin with one sign-in identity that has complete access to all AWS services and resources in the account. This identity is called the AWS account root user and is accessed by signing in with the email address and password that were used to create the account.
Features of IAM:
1. Shared access to your AWS account: You can grant other people permission to administer and use resources in your AWS account without having to share your password or any access key.
2. Granular permissions: You can grant different permissions to different people for different resources. For example, you might allow some users complete access to Amazon Elastic Compute Cloud (EC2), Amazon S3, Amazon DynamoDB, and other AWS services. For other users, you can allow read-only access to just some S3 buckets, permission to administer just some of the EC2 instances, or access to just the billing information.
3. Multi-Factor Authentication (MFA): You can add two-factor authentication to your account and to individual users for extra security. With MFA, you or your users must provide not only a password or access key to work with your account, but also a code from a specially configured device.
4. Identity federation: You can allow users who already have passwords elsewhere (for example, in your corporate network or with an internet provider) to get temporary access to your AWS account.
5. Identity information for assurance: If you use AWS CloudTrail, you receive log records that include information about who made requests for resources in your account. This information is based on IAM identities.
6. Eventually consistent: IAM, like many other AWS services, is eventually consistent. IAM achieves high availability by replicating data across multiple servers within Amazon's data centers around the world. If a request to change some data is successful, the change is committed and safely stored. Such changes include creating or updating users, groups, roles, or policies.
7. Free to use: AWS IAM (Identity and Access Management) and AWS Security Token Service (STS) are features of your AWS account offered at no additional charge. You are charged only when you access other AWS services using your IAM users or AWS STS temporary security credentials.
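Items 2 and 3 above (granular permissions and MFA), as an added example that is not from this page or from AWS: a constructed policy that grants read-only access to a single placeholder bucket and denies every S3 action when the request was not made with MFA, together with a deliberately simplified evaluator. The bucket name and the `evaluate` helper are assumptions for illustration; the evaluator models only the explicit-Deny / Allow / implicit-Deny ordering and the Bool and BoolIfExists condition operators, not the full IAM evaluation logic.

```python
import fnmatch

# Constructed example (not from the page): read-only access to one S3 bucket,
# plus a statement denying all S3 actions unless MFA was used. The bucket name
# is a placeholder, not a real resource.
READ_ONLY_WITH_MFA = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket"],
         "Resource": "arn:aws:s3:::example-reports-bucket"},
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-reports-bucket/*"},
        {"Effect": "Deny", "Action": "s3:*", "Resource": "*",
         "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}},
    ],
}

def _matches(patterns, value, fold_case):
    """Wildcard match; IAM action names are case-insensitive, ARNs are not."""
    patterns = [patterns] if isinstance(patterns, str) else patterns
    if fold_case:
        patterns, value = [p.lower() for p in patterns], value.lower()
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)

def _condition_holds(condition, context):
    """Simplified: only the Bool and BoolIfExists operators are modelled."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            if key not in context:
                if operator == "BoolIfExists":
                    continue  # an absent key satisfies an ...IfExists operator
                return False
            if str(context[key]).lower() != str(expected).lower():
                return False
    return True

def evaluate(policy, action, resource, context=None):
    """Simplified IAM logic: explicit Deny beats Allow; no match is an implicit Deny."""
    context = context or {}
    allowed = False
    for stmt in policy["Statement"]:
        if not _matches(stmt["Action"], action, fold_case=True):
            continue
        if not _matches(stmt["Resource"], resource, fold_case=False):
            continue
        if not _condition_holds(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        allowed = True
    return "Allow" if allowed else "Deny"
```

Run `evaluate(READ_ONLY_WITH_MFA, "s3:PutObject", ...)` or pass a context without `aws:MultiFactorAuthPresent` to see the implicit deny and the MFA deny respectively.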