AWS IAM

Introduction:
AWS IAM is generally defined as Identity and Access Management, which is
derived as one of the best web services that help to provide secured control
access to all the AWS resources.
You can use this IAM option in order to control both authorized and
unauthorized resources easily.
If you want to create this identity and access management, you need to create
the AWS account first.
It is better to start with a single sign-in identity, which can complete all the
possible access that needs to avail the AWS resources and services in the
respective account.
This particular identity can be named as the AWS account root user that can
be easy to log in with the prospective users for all the tasks whether it is admin
ones or some other ones.
Instead, to combine all the best practices, it is better to create a new identity
as the first IAM user.
Then it can automatically secure the look away from the root user login
credentials, which are used to perform all the management-related tasks.
IAM Identities Classified
1. IAM Users
2. IAM Groups
3. IAM Roles
Root user
The root user will automatically be created and granted unrestricted
rights. We can create an admin user with fewer powers to control the
entire Amazon account.
IAM Users
We can utilize IAM users to access the AWS Console and their
administrative permissions differ from those of the Root user and if
we can keep track of their login information.
Example
With the aid of IAM users, we can accomplish our goal of giving a
specific person access to every service available in the Amazon
dashboard with only a limited set of permissions, such as read-only
access. Let’s say user-1 is a user that I want to have read-only access
to the EC2 instance and no additional permissions, such as create,
delete, or update. By creating an IAM user and attaching user-1 to
that IAM user, we may allow the user access to the EC2 instance with
the required permissions.
IAM Groups
A group is a collection of users, and a single person can be a member
of several groups. With the aid of groups, we can manage
permissions for many users quickly and efficiently.
Example
Consider two users named user-1 and user-2. If we want to grant
user-1 specific permissions, such as the ability to delete, create, and
update the auto-calling group only, and if we want to grant user-2 all
the necessary permissions to maintain the auto-scaling group as well
as the ability to maintain EC2, we can create groups and add this user
to them. If a new user is added, we can add that user to the required
group with the necessary permissions.
IAM Roles
While policies cannot be directly given to any of the services
accessible through the Amazon dashboard, IAM roles are similar to
IAM users in that they may be assumed by anybody who requires
them. By using roles, we can provide AWS Services access rights to
other AWS Services.
Example
Consider Amazon EKS. In order to maintain an autoscaling group,
AWS EKS needs access to EC2 instances. Since we can’t attach policies
directly to the EKS in this situation, we must build a role and then
attach the necessary policies to that specific role and attach that
particular role to EKS.
IAM Policies
IAM Policies can manage access for AWS by attaching them to the
IAM Identities or resources IAM policies defines permissions of AWS
identities and AWS resources when a user or any resource makes a
request to AWS will validate these policies and confirms whether the
request to be allowed or to be denied. AWS policies are stored in the
form of Jason format the number of policies to be attached to
particular IAM identities depends upon no.of permissions required
for one IAM identity. IAM identity can have multiple policies attached
to them.
The IAM Features:

1. Shared access to your AWS account:

Without sharing your password, you are eligible to access the other permission
with respect to the administrator as well as the resources from your current
AWS account.
2. Granular permissions:
By using this granular permission, you are able to grant the permissions for
different according to their resources.
By considering an example, you can give the whole access to Amazon EC2,
S3 (Amazon simple storage services) as well as to remaining AWS services.
While the other users can allow getting the read-only access along with the
administrator EC2 instances in order to access the process of billing
information.
3. Secured access to AWS sources:
This IAM feature at AWS will be used to secure all the login credentials which
can succeed on the EC2 instances. You can also offer them the permissions in
order to access your application with respect to the AWS services.

4. Multi-Factor authentication (MFA):

By using the MFA, you can easily add the two-factor authentication not only for
your account but also for the individual users for more security.
Either you are your user can provide an access key or password in order to
work with your account with the help of a code that is specifically configured
by the device.
5. Identity Federation:
The identity federation at IAM will allow the users who already have their
passwords. For example, let us consider an X corporate network or else an
internet provider in order to get temporary access to your current AWS
account.
6. Identity information for assurance:
If you using the Cloud Trail option for your AWS account, then you will
definitely get the log records that contain all the information that is made
according to the resources in your account.
All those information is generally named as the IAM identities.
7. PCI DSS Compliance:
The IAM at AWS will completely support all the storage, transmission, storage
of data by both provider and merchant in order to validate the complaint with
PCI (Payment Card Industry) DSS (Data Security Standard).
How to set up IAM on AWS Account

Step1: Sign in as a root user. Provide username and password

Step2: Sign in as Select the Users menu. Navigate to the Users screen. You'll
find it in the IAM dashboard, under the Identity and Access Management
(IAM) drop-down menu on the left side of the screen. Click on Users.
Step3: Add a user. Click on Add User to navigate to a user detail form. Provide
all details, such as the username and access type. In this tutorial, we use the
name cli-user, and check the Programmatic access box under Access type. This
option gives the user access to AWS development tools, such as the command
line interface used later in this tutorial.
Click on Next: Permissions to continue.
Step4: Set the user permissions.
Click Attach existing policies directly and then filter the policies by keyword:
IAM. For this user, select IAM Full Access from the list of available policies.
The IAM Full Access policy enables this user to create and manage user
permissions in AWS. Later in the tutorial, this user will perform AWS IAM
operations.
Step 5: Finish the user setup.
For this tutorial, we will skip the tags section of user creation and go to the
review page. Check the details of the username, AWS access type and
permissions. Then, click Create user
Multi-Factor Authentication:

Activate MFA (Multi-Factor Authentication):

Step1:
Step2: Choose “A virtual MFA device”.

Step3: Click on continue or next step.

4.Choose the relevant authentication (Select Device type):
Step5: Display the QR code with 2 options Authentication codes

Step6: Download the app from the store and scan the QR code to get the
Authentication codes and key the code after another.
Step 7: MFA is a configured successfully with your device.
Step 8: Refresh to the MFA status
Create Group and set up User in Group
Step 1: Create group on AWS EC2 console
Step 2: Add user to group

Step 3: Attach the policy/policies for the group

Step 4: Review the Group creation options
 IAM ROLES

Step1: Select Roles option & click on create role button

Step2: Select type of role