Getting Started with AWS Identity and Access Management (IAM)

Home » Amazon Web Services » Getting Started with AWS Identity and Access Management (IAM)

The goal of this article is to give you the knowledge you need to get familiar with AWS, but not necessarily become an expert…yet. You will learn what AWS IAM is, how it works, how it applies to job scenarios, and how important it will be during AWS exams

What is AWS IAM?

According to the AWS Documentation, “AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources”. To simplify that even more, you use IAM to tell users what they can use and when they can use it. Think of IAM as the control center to all your AWS resources. Do you want to give a user administrator access? IAM does that. Do you want your users to have a certain password policy? IAM does that. Do you want an employee to access your database? IAM does that.

Clearly, IAM has a wide variety of use cases for hundreds of unique services. AWS is so vast, and you don’t want to be giving users access to every service. In reality, it’s the exact opposite. The best practice for security is to grant as little permission as possible to achieve the task at hand. IAM will allow you to choose where and when access to services is given.

How to use IAM

When creating your AWS account, you are actually creating the Root User. This user clearly has access to everything in AWS (hence it being named the root user), and you will want to enable some IAM settings to ensure that it is secure. 

*** Security Tip ***

Never share your root credentials! Never create or share access keys to your root account! Enable multi-factor authentication! On top of that, you do NOT want to use the root user for everyday tasks. 

Instead, create the first user and give it administrator access. This first user will be your access point to your entire organization without exposing your root user. Once you have your IAM account secured, you will have the option to create more users, groups, or roles. But first, let’s get more information about users, groups, and roles.

IAM Users

An IAM user is an account dedicated to the person or service interacting with AWS. For an employee at your organization, you will create a dedicated user for them. They will utilize a password to gain access to the AWS Console and access keys to make calls to different AWS services. 

IAM Groups

IAM Groups will allow you to organize users within your organization. For example, you can put all the users who focus on development into the developers group.  You can assign those users the different permissions they need to complete their job tasks by giving the entire group those permissions. 

IAM Roles

IAM Roles can be given to anyone. They give you temporary security credentials to the users who need to achieve a task. This allows for more flexibility when delegating access. As always, this speaks to the best practice of granting the least privilege.

How you will interact with IAM in your job

Many different roles in the technology industry will interact with AWS IAM directly or indirectly. If your organization uses AWS, you will be given different roles in order to access the services necessary to succeed at your job. 

  • Users with Admin access will be the ones defining users, groups, and roles. They will use IAM very often to manage the entire organization’s access.
  • Developers will make calls to AWS services in order to make their programs run. They will leverage a set of access keys and secret keys in their application development.
  • Database Admins will have a set of permissions that allows them to manipulate different AWS databases. They need the appropriate roles to allow this access. 
  • System Admins will maintain infrastructure in AWS. They will need the appropriate permissions to create new resources. 

Any role you take in a corporation that uses AWS, you will run into IAM. It is the backbone of AWS. 

AWS Certifications and IAM

IAM is the building block of AWS. This will come up on nearly every AWS exam in one way or another. There are many questions on every associate exam that involve services taking on different IAM roles. While IAM is not an extremely difficult topic to master, understanding it in depth will set a great foundation for the rest of your learning on AWS!

Learn More

If you’re keen to deepen your understanding of AWS IAM, check out the popular AWS Identity Management Masterclass from Digital Cloud Training which includes both theory lessons and practical hands-on labs.

Related posts: