Home > Blog > Articles > What is AWS IAM? Need, Working, and Components

What is AWS IAM? Need, Working, and Components

What is AWS IAM? Need, Working, and Components

Cloud adoption is surging worldwide, with the Cloud computing market projected to reach from $626.4 billion in 2023 to $1.26 trillion by 2028 at a CAGR of 15.1% (Markets and Markets). Cloud computing has dominated the IT industry, surpassing the traditional data center approach. With vast amounts of data, including sensitive information, stored in the cloud, companies prioritize scrutinizing cloud service providers. AWS IAM, which stands for ‘Identity and Access Management’ is gaining importance in this context.

Here is a list of topics that are going to be covered in this blog:

What is IAM in AWS?

AWS Cloud is known to provide a safe virtual environment to its users. AWS Cloud’s services are rendered at minimal prices. AWS IAM is one of the most popular security services that AWS provides. AWS Identity and Access Management (IAM) allows users to implement security best practices, enforce least privilege principles, and maintain control over access to AWS resources

IAM allows users to authenticate users or grant them access permissions. Users can also limit or withdraw access from users or groups.

Need of AWS IAM

In usual corporate scenarios, granting access and taking permissions is a long process. It is usually the IT admins who have all the passwords and to make any changes, you have to ask them. In most cases, all the passwords are also the same. The role of AWS IAM is to change this and add layers of security. It also provides a secure platform to share resources. AWS IAM users are authenticated and granted permissions as and when required, and you can control who has access to your resources and to what extent.

Gain Real-World AWS Skills with Practical Training
AWS Online Course
Explore Program
quiz-icon

How Does AWS IAM Work?

How does AWS IAM work

The IAM workflow contains the following elements:

  • Principal: A principal is something that performs actions on an AWS resource. This could be a user, an application, or a role.
  • Authentication: Every principal trying to get access, needs to be authenticated. A principal has to provide credentials or keys to confirm their identity.
  • Request: A principal is required to send AWS a request, providing details of the resource they plan to use and the action that has to be performed.
  • Authorization: IAM only allows a request if it is allowed by a policy. After the request has gone through the process of authentication and authorization, it is approved.
  • Action: An action determines if a resource has to be viewed, edited, created, or deleted.
  • Resources: Actions are performed on the resources stored in your AWS account.

Components of AWS IAM

The following are some basic components of IAM in AWS:

  • Users
  • Groups
  • Policies
  • Roles
iam-components

Let us discuss the components of IAM in AWS in detail.

1. Users

IAM users in AWS are identified with credentials and permissions that are attached to them. A person or an application can be a user. You can create an IAM user name for each employee in your company. You can grant them access and permissions accordingly. Each user can access only one account. All new users have no authorization to do any action in AWS, by default. You can assign permissions to each of the users individually according to the requirements.

2. Groups

Groups are collections of IAM users. Instead of assigning permissions to individual users, permissions can be assigned to groups, which will simplify permissions management. Users can belong to multiple groups, inheriting the permissions associated with each group.

  • Easy way to assign permissions based on a change in responsibility.
  • Easy way to update permissions for multiple users.
  • Reduces the complexity of access management as the number of users grows.

3. Policies

IAM policies in AWS provide permissions and manage access to all AWS resources. These are JSON documents that define permissions and access control rules. Policies can be attached to users, groups, or roles to specify what actions are allowed or denied on which AWS resources. Policies can be custom-defined or predefined AWS-managed policies.

There are two types of policies:

3.1 Managed Policy:

Managed IAM Policies are predefined policies created and managed by AWS. These policies are designed to provide common sets of permissions for various AWS services and resources, making it easier to assign permissions to IAM entities.

3.2 Inline Policy:

An inline policy is created by the customer(s) and embedded into one single entity.

4. Roles

IAM roles are similar to users, but they are not associated with specific individuals. Instead, roles are assumed by users, applications, or AWS services to temporarily gain access to AWS resources. Roles are often used for cross-account access, temporary access, or granting permissions to AWS services.

Get 100% Hike!

Master Most in Demand Skills Now!

AWS IAM Features

Let us now go through the following list of the main features of IAM:

  • Granular Permissions: Some restrictions can be applied to requests using policies. For example, you can allow a user to view a piece of information but withhold edit access.
  • Shared Access: You can create different user names and passwords for different users. This helps you delegate access to resources.
  • Identity Federation: Users can be authenticated by using other accounts such as Facebook or Google. IAM can trust that authentication and allows access to users based on those accounts. Users can also use this to maintain the same password on-site and on the cloud.
  • Multi-Factor Authentication (MFA): MFA is allowed on IAM. Users can provide their credentials and a one-time password from their phones for authentication.
  • Free Security: IAM security is completely free to use. Users do not get charged for adding any users, groups, or policies.
  • PCI DSS: The Payment Card Industry Data Security Standard (PCI DSS) sets a standard for security for credit card handling organizations. IAM also complies with it.
  • Password Policy: IAM has a password policy that lets you reset or rotate a password. You can make rules on how a user should pick their password or how many tries they get to enter a correct password.

How to Create an IAM User on AWS?

In the field of AWS Identity and Access Management (IAM), an IAM user stands as a unique identity created within your AWS account. This identity serves as a representation of either a human user or an application that interacts with AWS resources. 

You can create an IAM user in the AWS Management Console by using the following steps:

You can create an IAM user with Permission in the AWS Management Console by using the following the below-mentioned steps:

Step 1: On the Console Home page, select the IAM service
https://console.aws.amazon.com/iam/

Step 2: In the navigation pane, select Users

step-img-1

Step 3: Select Create users

step-img-2

Step 4: On the Specify user details page, under User details, in User name,
enter the name for the new user. This is their sign-in name for AWS. Click the
checkbox to Provide user access to the AWS Management Console.

step-img-3

Step 5: Select I want to create an IAM user

step-img-4
Boost Your Career with AWS DevOps Skills!
AWS DevOps Training
Explore Program
quiz-icon

Step 6: For the Console password, choose Custom password and provide a
password for the user.

step-img-5

Step 7: Choose Next.

Step 8: For Permission options, select the Attach policies directly option and
attach any policy of choice to the user. (Administrator Access in this case).

step-img-6

Step 9: Finally click on Create user.

step-img-7

You can also click Download .csv to download the credentials.

The IAM user account with administrative privilege is ready to use.

AWS IAM Best Practices

The following are some of the best practices:

  • Principle of Least Privilege (PoLP): It ensures that users, roles, and services are granted only the permissions they need to perform their specific tasks. This will help to minimize potential security risks by limiting unnecessary access to AWS resources.
  • Multi-Factor Authentication (MFA): It helps to add an extra layer of protection to an AWS entity. So even if the user’s credentials got compromised, the attacker would still need the second factor (access code) to gain access.
  • Enable AWS CloudTrail: It provides visibility, security, and accountability for all actions taken in your AWS environment, which is essential for monitoring, compliance, and effective incident response.
  • Rotate Credentials Regularly: Rotating credentials regularly helps maintain robust security and mitigates the risk of unauthorized access and potential data breaches.

Check out our AWS Tutorial and start learning!

Video Thumbnail

Conclusion

AWS has provided various measures to keep data safe on the cloud. IAM has proven to be the best among these due to all the reasons we have already discussed in the blog. As the acceptance of AWS Cloud is growing steadily around the world, there is going to be a need for people who possess in-depth knowledge about AWS services. IAM will be a major contender because of the imperative need for online security. Join our AWS technical essentials certification and gain a solid foundation in cloud computing with AWS.

Our AWS Courses Duration and Fees

Program Name
Start Date
Fees
Cohort starts on 11th Jan 2025
₹22,743
Cohort starts on 18th Jan 2025
₹22,743
Cohort starts on 1st Feb 2025
₹22,743

About the Author

Rupinder
Rupinder
Senior Cloud Computing Associate

Rupinder is a distinguished Cloud Computing & DevOps associate with architect-level AWS, Azure, and GCP certifications. He has extensive experience in Cloud Architecture, Deployment and optimization, Cloud Security, and more. He advocates for knowledge sharing and in his free time trains and mentors working professionals who are interested in the Cloud & DevOps domain.