What is IAM In AWS ? | Why We need It


Suppose you have your own startup and you are its CEO and founder. You start hiring, and you bring on a DevOps engineer as an intern. One day the intern is given the task of creating an S3 bucket. They knew how to do that, but by mistake they terminated your EC2 instance, which caused a major outage. This is where IAM comes into the picture.

IAM (Identity and Access Management) is the AWS service that controls access to your AWS resources: it defines who (or what) can authenticate to your account and which actions each identity is allowed to perform on which resources.

IAM lets you create users, groups, and roles, and you control what they may do by attaching policies. IAM denies every request by default, so it lets you apply the principle of least privilege: each user or entity is granted only the permissions its task requires, which limits the damage a mistake (or a misused credential) can cause. In the example above, the intern only needed to create an S3 bucket, yet their credentials also allowed them to terminate an EC2 instance; with a least-privilege policy the termination request would simply have been denied.

Components of IAM:

  • Users: IAM users represent the individual people or applications that interact with your AWS resources. You can create as many users as you need and manage each one individually.

  • Groups: IAM groups are collections of users who need the same access: a policy attached to the group applies to every user in it. For example, all DevOps engineers can be placed in a "DevOps" group and given their permissions once, instead of user by user.

  • Policies: IAM policies are JSON documents that define permissions. Each policy statement names the actions that may (or may not) be performed and the AWS resources those actions apply to. You attach policies to users, groups, or roles to control their access, either by writing a custom policy as a JSON document or by using one of the pre-built AWS-managed policies.

  • Roles: IAM roles grant temporary access to AWS resources. A role has no long-term credentials of its own; it is assumed by a trusted entity (an AWS service, a user, or an application), which receives short-lived credentials for the session. This is how, for example, an EC2 instance can call other AWS services without any access keys stored on it. Like users and groups, roles have attached policies that define which actions they permit.
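To make the policy and least-privilege points concrete, here is an added example (it is not code from the original post, and it is not the AWS evaluation engine). It models the core of how IAM decides on a request from identity-based policies alone: every request starts out implicitly denied, a matching Allow statement allows it, and a matching Deny statement overrides any Allow. The policies, account ID and instance ID are constructed sample data, and the evaluator deliberately ignores conditions, NotAction/NotResource, resource-based policies, permission boundaries and SCPs.

```python
"""Simplified IAM identity-policy evaluation (illustrative, not the AWS engine)."""
import fnmatch
import json
from typing import Iterable

# Constructed least-privilege policy for the story's DevOps intern:
# only bucket creation and listing, nothing else. Sample data, not an
# AWS-managed policy.
INTERN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowBucketCreation",
            "Effect": "Allow",
            "Action": ["s3:CreateBucket", "s3:ListAllMyBuckets"],
            "Resource": "*",
        }
    ],
}

# Constructed broad policy of the kind that caused the trouble: full EC2 access.
EC2_FULL_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}],
}

# Constructed guard-rail policy: even if another attached policy grants ec2:*,
# instances whose ID matches the placeholder pattern cannot be terminated.
DENY_PROD_TERMINATE = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyTerminateProd",
            "Effect": "Deny",
            "Action": "ec2:TerminateInstances",
            "Resource": "arn:aws:ec2:*:*:instance/i-prod*",  # placeholder ARN pattern
        }
    ],
}


def _as_list(value) -> list:
    """IAM accepts either a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def _matches(patterns: list, value: str, ignore_case: bool) -> bool:
    """IAM wildcard matching: '*' is any run of characters, '?' one character.
    Action names are case-insensitive in IAM; ARNs are compared case-sensitively."""
    if ignore_case:
        return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in patterns)
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def evaluate(policies: Iterable[dict], action: str, resource: str) -> str:
    """Return 'ALLOW', 'EXPLICIT_DENY' or 'IMPLICIT_DENY' for one request.

    Only statements using Action/Resource are handled; NotAction, NotResource
    and Condition are outside this simplified model.
    """
    decision = "IMPLICIT_DENY"  # IAM's starting point for every request
    for policy in policies:
        for stmt in policy["Statement"]:
            if not _matches(_as_list(stmt.get("Action", [])), action, ignore_case=True):
                continue
            if not _matches(_as_list(stmt.get("Resource", [])), resource, ignore_case=False):
                continue
            if stmt["Effect"] == "Deny":
                return "EXPLICIT_DENY"  # an explicit deny always wins
            decision = "ALLOW"  # keep scanning: a later Deny could still override
    return decision


def demo() -> dict:
    """Run the story's two requests through several policy combinations."""
    bucket_req = ("s3:CreateBucket", "arn:aws:s3:::example-bucket")
    # Constructed account ID and instance ID.
    terminate_req = (
        "ec2:TerminateInstances",
        "arn:aws:ec2:us-east-1:123456789012:instance/i-prod0a1b2c",
    )
    return {
        "intern_creates_bucket": evaluate([INTERN_POLICY], *bucket_req),
        "intern_terminates_instance": evaluate([INTERN_POLICY], *terminate_req),
        "full_access_terminates_instance": evaluate([EC2_FULL_ACCESS], *terminate_req),
        "guarded_terminates_prod": evaluate([EC2_FULL_ACCESS, DENY_PROD_TERMINATE], *terminate_req),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running it shows the intern's bucket creation allowed and their termination request implicitly denied, because the only policy attached to them never mentions EC2; the full-access policy allows the termination, and adding the Deny guard-rail turns it into an explicit deny regardless of the Allow.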

I hope you liked it! :)