IDENTITY ACCESS MANAGEMENT [ IAM ] IN AWS

Q: WHAT IS IAM 'IDENTITY ACCESS MANAGEMENT'?

A: AN IDENTITY ACCESS MANAGEMENT IS A WEB BASED MANAGEMENT TOOL OF AWS CLOUD TECHNOLOGY TO MANAGE YOUR USERS, GROUPS AND THEIR PERMISSIONS  UNDER ROOT AWS ACCOUNT. YOU CAN ADD , REMOVE , MODIFY AND CONTROLS THEIR PERMISSIONS WITH THE HELP OF IAM.
                 





















BELOW ARE THE KEY FEATURES OF USING IAM

1: SHARE ACCESS : IAM CAN BE USE TO PERMIT ACCESS OF ANY  RESOURCE OR ACCOUNT TO OTHER USER WITHOUT GIVEN THEM THE PASSWORD.

2: GRANULAR PERMISSION : YOU CAN GRANT MANY PERMISSION TO MANY USERS FOR MANY RESOURCES . THAT MEAN YOU CAN GIVE FULL  ACCESS OF S3 , EC2 FOR  A USER AND ONLY READ PERMISSION TO ANOTHER AND RESTRICT ANY PERMISSION FOR ANY OTHER.

3: SECURITY POLICIES : YOU CAN SET SECURITY POLICIES FOR YOUR USERS AND GROUPS LIKE MULTI-FACTOR AUTHENTICATION ,  PASSWORD POLICIES ETC.

4: SECURE LOGIN PERMISSION FOR APPLICATION  : YOU CAN GIVE PERMISSION TO AN APPLICATION TO USE ANY OTHER RESOURCE OF AWS.

5: FEDERATION LOGIN ACCESS: YOU CAN USE ANY THIRD PARTY IDENTITY MANAGEMENT SERVICE ( e.g Windows Active Directory) TO ACCESS THE AWS RESOURCES WITH THE HELP OF IAM. 

THIS WILL HELP USER TO USE EXISTING ID & PASSWORD TO LOGIN TO AWS ACCOUNT & USE AWS RESOURCES WITHOUT CREATING NEW ACCOUNT FOR THEM.

6: INTEGRATED WITH OTHER AWS SERVICES: IAM CAN BE USED WITH OTHER AWS SERVICES e.g  S3 STORAGE SERVICE , LOGIN INTO EC2 INSTANCES ETC.

8: CENTRALIZE ACCESS MANAGEMENT : WITH IAM WE CAN MANAGE  ALL USERS AND GROUPS WITH A SINGLE ROOT ACCOUNT AND GRANT/DENIED PERMISSIONS . ALSO WE CAN MANAGE POLICIES & CONTROL THE USER PERMISSIONS.


TASKS WHICH WE CAN PERFORM IN IAM

> MANAGE USERS & GROUPS : YOU CAN CREATE AN  USER OR GROUPS WITH IAM.

> ACCESS AND PERMISSIONS:  YOU CAN  MANAGE THE ACCESS AND PERMISSIONS OF SPECIFIC USER OR GROUP.

> ROLE :
YOU CAN ASSIGN A ROLE TO ANY USER OR GROUP FOR SHARE ACCESS. 

>POLICIES : YOU CAN CREATE CUSTOMER & PASSWORD MANAGE POLICIES FOR YOUR USERS OR GROUPS.

> MFA: YOU CAN ENABLE MULTI FACTOR AUTHENTICATION FOR  YOUR USER ACCOUNT.

> ROTATE: YOU CAN ROTATE SECURITY CREDENTIAL REGULARLY SO USER CAN CHANGE ITS PASSWORD TIME TO TIME FOR SECURITY REASONS.

>CONDITION : RESTRICT ACCESS WITH SPECIAL CONDITIONS.

> ROOT :
DISABLE OR REMOVE USE OF ROOT

 




Post a Comment

0 Comments