Q: WHAT IS IAM 'IDENTITY ACCESS MANAGEMENT'?
A: AN IDENTITY ACCESS MANAGEMENT IS A WEB BASED MANAGEMENT TOOL OF AWS CLOUD TECHNOLOGY TO MANAGE YOUR USERS, GROUPS AND THEIR PERMISSIONS UNDER ROOT AWS ACCOUNT. YOU CAN ADD , REMOVE , MODIFY AND CONTROLS THEIR PERMISSIONS WITH THE HELP OF IAM.
BELOW ARE THE KEY FEATURES OF USING IAM
> ROLE : YOU CAN ASSIGN A ROLE TO ANY USER OR GROUP FOR SHARE ACCESS.
A: AN IDENTITY ACCESS MANAGEMENT IS A WEB BASED MANAGEMENT TOOL OF AWS CLOUD TECHNOLOGY TO MANAGE YOUR USERS, GROUPS AND THEIR PERMISSIONS UNDER ROOT AWS ACCOUNT. YOU CAN ADD , REMOVE , MODIFY AND CONTROLS THEIR PERMISSIONS WITH THE HELP OF IAM.
BELOW ARE THE KEY FEATURES OF USING IAM
1: SHARE ACCESS : IAM CAN BE USE TO PERMIT ACCESS OF ANY RESOURCE OR ACCOUNT TO OTHER USER WITHOUT GIVEN THEM THE PASSWORD.
2: GRANULAR PERMISSION : YOU CAN GRANT MANY PERMISSION TO MANY USERS FOR MANY RESOURCES . THAT MEAN YOU CAN GIVE FULL ACCESS OF S3 , EC2 FOR A USER AND ONLY READ PERMISSION TO ANOTHER AND RESTRICT ANY PERMISSION FOR ANY OTHER.
3: SECURITY POLICIES : YOU CAN SET SECURITY POLICIES FOR YOUR USERS AND GROUPS LIKE MULTI-FACTOR AUTHENTICATION , PASSWORD POLICIES ETC.
4: SECURE LOGIN PERMISSION FOR APPLICATION : YOU CAN GIVE PERMISSION TO AN APPLICATION TO USE ANY OTHER RESOURCE OF AWS.
5: FEDERATION LOGIN ACCESS: YOU CAN USE ANY THIRD PARTY IDENTITY MANAGEMENT SERVICE ( e.g Windows Active Directory) TO ACCESS THE AWS RESOURCES WITH THE HELP OF IAM.
THIS WILL HELP USER TO USE EXISTING ID & PASSWORD TO LOGIN TO AWS ACCOUNT & USE AWS RESOURCES WITHOUT CREATING NEW ACCOUNT FOR THEM.
6: INTEGRATED WITH OTHER AWS SERVICES: IAM CAN BE USED WITH OTHER AWS SERVICES e.g S3 STORAGE SERVICE , LOGIN INTO EC2 INSTANCES ETC.
8: CENTRALIZE ACCESS MANAGEMENT : WITH IAM WE CAN MANAGE ALL USERS AND GROUPS WITH A SINGLE ROOT ACCOUNT AND GRANT/DENIED PERMISSIONS . ALSO WE CAN MANAGE POLICIES & CONTROL THE USER PERMISSIONS.
TASKS WHICH WE CAN PERFORM IN IAM
> MANAGE USERS & GROUPS : YOU CAN CREATE AN USER OR GROUPS WITH IAM.
> ACCESS AND PERMISSIONS: YOU CAN MANAGE THE ACCESS AND PERMISSIONS OF SPECIFIC USER OR GROUP.
> ROLE : YOU CAN ASSIGN A ROLE TO ANY USER OR GROUP FOR SHARE ACCESS.
>POLICIES : YOU CAN CREATE CUSTOMER & PASSWORD MANAGE POLICIES FOR YOUR USERS OR GROUPS.
> MFA: YOU CAN ENABLE MULTI FACTOR AUTHENTICATION FOR YOUR USER ACCOUNT.
> ROTATE: YOU CAN ROTATE SECURITY CREDENTIAL REGULARLY SO USER CAN CHANGE ITS PASSWORD TIME TO TIME FOR SECURITY REASONS.
>CONDITION : RESTRICT ACCESS WITH SPECIAL CONDITIONS.
> ROOT : DISABLE OR REMOVE USE OF ROOT
>CONDITION : RESTRICT ACCESS WITH SPECIAL CONDITIONS.
> ROOT : DISABLE OR REMOVE USE OF ROOT
0 Comments