What is Identity and Access Management (IAM)?

Identity and Access Management (IAM) is the organizational process for ensuring that individuals have the appropriate access to technology resources.

IAM involves several key components, including user authentication, authorization, and access-control policies. These systems help organizations maintain security by managing user identities, roles, and permissions across their IT infrastructure. Through proper IAM implementation, organizations can enforce the principle of least privilege, ensuring that users have access only to the resources they need to perform their jobs. This involves identifying and verifying users, then authorizing their access to specific applications, systems, and networks. Access is controlled by assigning appropriate rights and restrictions to each verified identity.

AWS Identity Lifecycle Management

Introduction

Identity Lifecycle Management (ILM) in AWS ensures that users, roles, and permissions are managed securely throughout their lifecycle. This document provides an overview of best practices for managing identities in AWS effectively.


AWS IAM (Identity and Access Management) - Simplified

  1. What is IAM?
     IAM (Identity and Access Management) is an AWS service that controls who can access AWS resources and what actions they can perform. It helps manage users, groups, and permissions securely.

  2. IAM Admin
     An IAM Administrator is a user or role with full control over IAM, responsible for managing users, groups, roles, and security settings. They typically have the AdministratorAccess policy.

  3. Multi-Factor Authentication (MFA)
     MFA adds an extra layer of security by requiring users to enter a one-time code from an authentication device (like Google Authenticator) in addition to their password.

Steps to enable MFA:

a) Go to the AWS IAM Console → Users
b) Select the user → click Security credentials
c) Click Assign MFA device → choose a virtual or hardware MFA device
d) Scan the QR code using an MFA app → enter the generated codes

  4. Adding Users in IAM
a) Open the IAM Console → go to Users
b) Click Add User
c) Enter a username → select AWS Management Console access or Programmatic access
d) Set a password (or auto-generate one)
e) Assign the user to a group or attach policies
f) Click Create User

  5. Adding Users to a Group
a) Open the IAM Console → go to Groups
b) Select a group → click Add Users to Group
c) Select the users → click Add

  6. Granting Permissions to Users & Groups
     Permissions are granted by attaching IAM policies to users or groups.

Granting permissions to a group:

a) Open the IAM Console → go to Groups
b) Select a group → click Permissions
c) Attach an existing AWS managed policy or create a custom policy
d) Click Save changes

Granting permissions to a user:

a) Open the IAM Console → go to Users
b) Select a user → click Permissions
c) Attach a policy (e.g., AmazonS3FullAccess to allow full S3 access)
d) Click Save
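To make the least-privilege point from the opening section concrete, and to show what "attaching a policy to a group" does to a user's effective permissions, here is an added Python example (written for this page, not AWS code) with a deliberately simplified model of IAM policy evaluation: an explicit Deny in any applicable statement wins, otherwise any matching Allow grants access, otherwise the request is implicitly denied. Only Action, Resource and the Bool / BoolIfExists condition operators are modelled (the real engine handles many more operators, NotAction, resource policies and so on); the policies, the users and group names, and the bucket ARN are constructed for the example, and the AmazonS3FullAccess document is reduced to its s3:* statement.

```python
from fnmatch import fnmatchcase

# Constructed policy documents (AmazonS3FullAccess reduced to its s3:* statement for the example).
ADMINISTRATOR_ACCESS = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
S3_FULL_ACCESS = {"Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
S3_READ_REPORTS = {"Statement": [{  # least-privilege custom policy: read one bucket only
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-reports", "arn:aws:s3:::example-reports/*"],
}]}
DENY_WITHOUT_MFA = {"Statement": [{  # deny everything unless the session authenticated with MFA
    "Effect": "Deny",
    "Action": "*",
    "Resource": "*",
    "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}},
}]}

# Constructed directory: group policies are inherited by every member.
GROUPS = {"developers": [S3_READ_REPORTS, DENY_WITHOUT_MFA], "admins": [ADMINISTRATOR_ACCESS]}
USERS = {
    "alice": {"groups": ["developers"], "policies": []},
    "bob": {"groups": ["developers"], "policies": [S3_FULL_ACCESS]},  # policy attached directly to the user
    "carol": {"groups": ["admins"], "policies": []},
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_matches(condition, context):
    """Bool: key must be present and equal. BoolIfExists: an absent key counts as a match."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            if operator == "Bool":
                if actual is None or str(actual).lower() != str(expected).lower():
                    return False
            elif operator == "BoolIfExists":
                if actual is not None and str(actual).lower() != str(expected).lower():
                    return False
            else:
                raise ValueError(f"condition operator {operator} is not modelled here")
    return True


def _statement_applies(stmt, action, resource, context):
    # fnmatch gives IAM-style '*' globbing on action names and ARNs (sufficient for this example).
    if not any(fnmatchcase(action, pattern) for pattern in _as_list(stmt["Action"])):
        return False
    if not any(fnmatchcase(resource, pattern) for pattern in _as_list(stmt["Resource"])):
        return False
    return _condition_matches(stmt.get("Condition", {}), context)


def evaluate(policies, action, resource, context=None):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request (simplified model)."""
    context = context or {}
    decision = "ImplicitDeny"
    for policy in policies:
        for stmt in policy["Statement"]:
            if not _statement_applies(stmt, action, resource, context):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"  # any applicable Deny ends evaluation
            decision = "Allow"
    return decision


def policies_for(user_name):
    """Effective policy set: the user's own attached policies plus those of every group they belong to."""
    user = USERS[user_name]
    return list(user["policies"]) + [p for g in user["groups"] for p in GROUPS[g]]


def is_allowed(user_name, action, resource, mfa_present):
    context = {"aws:MultiFactorAuthPresent": "true" if mfa_present else "false"}
    return evaluate(policies_for(user_name), action, resource, context)


if __name__ == "__main__":
    obj = "arn:aws:s3:::example-reports/q1.csv"
    for who, act, mfa in [("alice", "s3:GetObject", True), ("alice", "s3:GetObject", False),
                          ("alice", "s3:DeleteObject", True), ("bob", "s3:DeleteObject", True),
                          ("carol", "iam:CreateUser", True)]:
        print(f"{who:6} {act:16} mfa={mfa!s:5} -> {is_allowed(who, act, obj, mfa)}")
```

The run shows the three outcomes the text describes: alice, who holds only the group's read policy, can read the report but not delete it; bob can delete it because a policy attached directly to his user adds to what the group grants; neither can do anything without MFA because the group's Deny statement applies before any Allow is considered. When reviewing a group's attached policies in the console (step c above), this is the question to ask of each one: does it widen the Allow set, or narrow it with a Deny, for every member at once?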