
IAM in AWS | What is Roles | What is Policy | What is Users | What is Group



In this article I walk through IAM (Identity and Access Management) in AWS step by step:

AWS Identity and Access Management (IAM) is a key component for securely managing access to AWS services and resources. By learning IAM, you gain control over user permissions and roles, helping maintain a secure environment and ensuring users can only access what they’re authorized for.

Here's a structured guide to understanding AWS IAM, followed by practical assignments to reinforce learning.


### **1. What is IAM in AWS?**

IAM (Identity and Access Management) is the AWS service that decides who (and what) may call which AWS APIs on which resources. IAM lets you:

  • Create and manage IAM users and groups.
  • Control the permissions of each user, group, or role.
  • Write policies that allow or deny specific actions on specific AWS services and resources.

### **2. How IAM Works**

IAM evaluates every API call against policies. The building blocks are:

  • User: an identity with long-term credentials (a console password and/or access keys) for one person or application.
  • Groups: a collection of users; policies attached to the group apply to every member. Groups cannot be nested and cannot themselves be a principal in a policy.
  • Roles: an identity with no long-term credentials. A trusted entity (an AWS service such as EC2 or Lambda, an IAM user, or another account) assumes the role via `sts:AssumeRole` and receives temporary credentials.
  • Policies: JSON documents whose statements carry Effect, Action, Resource and an optional Condition. Identity-based policies are attached to users, groups, or roles; a role additionally has a trust policy that names who may assume it.

The evaluation rule to remember: every request is denied by default; an Allow in any applicable policy permits it; an explicit Deny anywhere overrides every Allow.

The steps below pair each task with a text flowchart so the sequence is visual and actionable.



### **Step 1: Creating an IAM User**

#### **Flowchart & Steps**

```
Start --> IAM Console --> Create User --> Configure Access Type
      |                            |
      |--> Console Access       --> API Access (Access Keys)
      |                           |
    Assign Permissions            |
      |                           |
      |--> Attach Policy         --> Review and Create User
                                    |
                                User Created!
```

1. **Open the IAM Console** in the AWS Management Console.

2. **Create New User:**

   - Enter a user name (e.g., "developer1").

   - Choose the access type: enable **AWS Management Console access** (a password) for people who work in the console. For API or CLI access the user needs an **access key** (access key ID plus secret access key); in the current console this is created after the user exists, under **Security credentials**, rather than during creation. Prefer a role with temporary credentials over a long-lived access key wherever the workload allows it.

3. **Assign Permissions:** choose **Attach policies directly** and attach a policy such as **AmazonS3FullAccess**. Attaching broad policies like this, or **AdministratorAccess**, to an individual user should be the exception; the usual pattern is to attach policies to a group and add the user to the group (Step 3).

4. **Review and Create User:** confirm your selections and click **Create user** to finish.

#### **Assignment 1:**

**Objective:** Create an IAM user with S3 read access only.

**Steps:** Follow the steps above but attach only the **AmazonS3ReadOnlyAccess** policy rather than a broad policy such as **AmazonS3FullAccess** or **AdministratorAccess**. Verify with the CLI as that user: `aws s3 ls` succeeds, while an upload such as `aws s3 cp` into a bucket fails with AccessDenied.


### **Step 2: Understanding and Creating IAM Policies**

#### **Flowchart & Steps**

```
Start --> IAM Console --> Policies --> Create Policy --> Choose Service
      |                             |                   |
      |--> Select Permissions  <----+--> Set Policy Conditions
      |                             |
      |--> Write JSON Policy      --> Attach to Users/Roles
```

1. **Open Policies in the IAM Console** and select **Create policy**.

2. **Define the Policy Using the Visual Editor** (or switch to the **JSON** tab and write the document by hand):

   Choose Service: select the AWS service (e.g., S3, EC2).

   Select Actions: specify actions like `s3:ListBucket` or `s3:GetObject`. Avoid combining `"Action": "*"` with `"Resource": "*"`; name the resource ARNs the caller actually needs.

3. **Add Conditions:** (optional) add conditions such as a source-IP restriction (`aws:SourceIp`) or an MFA requirement (`aws:MultiFactorAuthPresent`).

4. **Review and Save Policy:** name and save it, then attach it to users, groups, or roles. An explicit `"Effect": "Deny"` statement always wins over an `Allow`, which makes Deny statements the right tool for guardrails.

#### **Assignment 2:**

**Objective:** Create a custom policy that grants EC2 start/stop permissions.

**Steps:** Define a policy that allows `ec2:StartInstances` and `ec2:StopInstances` and nothing else (no `ec2:TerminateInstances`, no `ec2:RunInstances`), scoped to instance ARNs rather than `*` where possible. Attach it to an IAM user and test it with `aws ec2 stop-instances --instance-ids <instance-id>` as that user.
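To make the evaluation rule from section 2 (implicit deny, Allow, explicit Deny wins) and the Assignment 2 policy concrete, here is an offline simulator of identity-policy evaluation. It is an added example for this article, not AWS code and not the official policy simulator (for real checks use the IAM Policy Simulator or `aws iam simulate-principal-policy`). The policy documents, the instance ARN and account ID are constructed; only the `Bool` and `StringEquals` condition operators are modelled, and `NotAction`, permission boundaries, SCPs and resource-based policies are deliberately left out.

```python
"""Offline simulation of IAM identity-policy evaluation (added example, not AWS code).

Decision order for identity-based policies in one account:
implicit deny by default -> an Allow permits -> an explicit Deny wins over everything.
"""
from fnmatch import fnmatchcase

# Assignment 2 policy with an MFA condition added: start/stop instances, nothing else.
EC2_START_STOP = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["ec2:StartInstances", "ec2:StopInstances"],
        "Resource": "arn:aws:ec2:*:*:instance/*",
        "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}},
    }],
}

# Simplified stand-in for what AmazonS3ReadOnlyAccess grants.
S3_READ_ONLY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}],
}

# Guardrail: an explicit Deny beats any Allow, wherever the Allow is attached.
DENY_TERMINATE = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Deny", "Action": "ec2:TerminateInstances", "Resource": "*"}],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, fold_case=False):
    """'*' and '?' are wildcards in Action and Resource; action names are case-insensitive."""
    if fold_case:
        value = value.lower()
    return any(fnmatchcase(value, p.lower() if fold_case else p) for p in _as_list(patterns))


def _condition_ok(condition, context):
    """Only Bool and StringEquals are modelled; a missing context key fails the condition."""
    for operator, pairs in (condition or {}).items():
        if operator not in ("Bool", "StringEquals"):
            raise ValueError(f"operator not modelled in this simulator: {operator}")
        for key, expected in pairs.items():
            actual = context.get(key)
            if actual is None:
                return False
            if operator == "Bool" and str(actual).lower() != str(expected).lower():
                return False
            if operator == "StringEquals" and actual not in _as_list(expected):
                return False
    return True


def evaluate(policies, action, resource, context=None):
    """Return 'explicit_deny', 'allow' or 'implicit_deny' for one request.

    `policies` is every identity-based policy that applies to the caller: the ones
    attached to the user plus those of every group the user belongs to (their union).
    """
    context = context or {}
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if not _matches(stmt.get("Action", []), action, fold_case=True):
                continue
            if not _matches(stmt.get("Resource", []), resource):
                continue
            if not _condition_ok(stmt.get("Condition"), context):
                continue
            if stmt["Effect"] == "Deny":
                return "explicit_deny"  # short-circuit: nothing can override it
            allowed = True
    return "allow" if allowed else "implicit_deny"


if __name__ == "__main__":
    # developer1 has EC2_START_STOP attached directly and inherits the other two from a group.
    attached = [EC2_START_STOP, S3_READ_ONLY, DENY_TERMINATE]
    instance = "arn:aws:ec2:us-east-1:123456789012:instance/i-0123456789abcdef0"  # constructed ARN
    mfa = {"aws:MultiFactorAuthPresent": "true"}
    print("start with MFA:   ", evaluate(attached, "ec2:StartInstances", instance, mfa))
    print("start without MFA:", evaluate(attached, "ec2:StartInstances", instance))
    print("terminate:        ", evaluate(attached, "ec2:TerminateInstances", instance, mfa))
    print("s3 put:           ", evaluate(attached, "s3:PutObject", "arn:aws:s3:::some-bucket/key"))
```

The run shows the four outcomes a practitioner should be able to predict before attaching a policy: the MFA-gated Allow, the same call denied when the MFA key is absent from the request context, the Deny guardrail overriding whatever else is attached, and the implicit deny for an action no statement mentions.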


---


### **Step 3: Working with IAM Groups**

#### **Flowchart & Steps**

```
Start --> IAM Console --> Groups --> Create Group --> Name the Group
      |                              |
      |--> Attach Policies        --> Add Users to Group
                                   |
                              Group Created!
```

1. **Navigate to User groups in the IAM Console** (labelled **Groups** in older console versions) and click **Create group**.

2. **Name the Group:** enter a group name (e.g., "Developers").

3. **Attach Policies:** select the policies that apply to this group (e.g., **AmazonS3ReadOnlyAccess**).

4. **Add Users to Group:** add users to the group; each member gets the union of the group's policies and their own. Groups are the recommended place to attach permissions: changing the group changes every member at once, and a user can belong to up to 10 groups.

#### **Assignment 3:**

**Objective:** Create a "ReadOnly" group for all AWS services.

**Steps:** Attach the AWS managed **ReadOnlyAccess** policy to the group and add users to it. Note that ReadOnlyAccess includes reading data, not just metadata (for example `s3:Get*` returns object contents); if members should only see configuration, the narrower **ViewOnlyAccess** managed policy is the better fit.


---


### **Step 4: Creating and Using IAM Roles**

#### **Flowchart & Steps**

```
Start --> IAM Console --> Roles --> Create Role --> Choose Trusted Entity
      |                                 |
      |--> AWS Service (EC2, Lambda) --> Choose Policies
      |                                 |
      |--> Attach Policy            --> Assign Role to Resource
                                       |
                                    Role Created!
```

1. **Open Roles in the IAM Console** and click **Create role**.

2. **Choose Trusted Entity:** for example, select **AWS service**. This choice writes the role's trust policy, which decides who may assume the role; the permissions policies attached in step 4 decide what the role may do once assumed.

3. **Select Use Case:** specify whether the role is for EC2, Lambda, etc.

4. **Attach Policy:** choose policies such as **AmazonS3ReadOnlyAccess** or **AWSLambdaBasicExecutionRole** (despite its name a managed policy, which lets a function write its logs to CloudWatch Logs).

5. **Assign Role to Resource:** attach the role to an EC2 instance (through the instance profile) or set it as a Lambda function's execution role. The service obtains temporary credentials for the role on the workload's behalf, so no access key ever has to be stored on the instance or in the function code.

#### **Assignment 4:**

**Objective:** Create a Lambda execution role with permissions to read from DynamoDB.

**Steps:** Attach the **AWSLambdaBasicExecutionRole** and **AmazonDynamoDBReadOnlyAccess** policies to the role. The managed read-only policy covers every table in the account; for a production function, a custom policy allowing `dynamodb:GetItem`, `dynamodb:Query` and `dynamodb:Scan` on the one table ARN the function uses is the least-privilege version.


### **Step 5: Enabling Multi-Factor Authentication (MFA)**

#### **Flowchart & Steps**

```
Start --> IAM Console --> Users --> Select User --> Security Credentials
      |                               |
      |--> Enable MFA                 |
      |--> Choose MFA Device          |
                                      |
                                  MFA Enabled!
```

1. **Open the IAM Console** and navigate to **Users**.

2. **Select the user** and open the **Security credentials** tab.

3. **Enable MFA:** in the MFA section choose to assign an MFA device and select a **virtual MFA device** (an authenticator app). A FIDO security key or a hardware TOTP token are the other options; enable MFA on the root user first of all.

4. **Configure the MFA Device:** scan the QR code or enter the setup key in the app, then type two consecutive codes to confirm. The setup key is the shared secret behind every future code: anyone who captures it (a screenshot of the QR code, a setup key pasted into a ticket) can generate valid codes, so it must be treated as a credential.

MFA on the login alone does not force it for the API. To require it for sensitive actions, add the condition `"Bool": {"aws:MultiFactorAuthPresent": "true"}` to the relevant Allow statements (see Step 2).

#### **Assignment 5:**

**Objective:** Enable MFA for an IAM user and log in to test MFA.

**Steps:** Follow the process above to enable MFA, sign out, and sign in again to verify that the console now prompts for the code.


---


### **Step 6: Monitoring and Auditing IAM Activities with CloudTrail**

#### **Flowchart & Steps**

```
Start --> CloudTrail Console --> Create Trail --> Define Trail Name
      |                              |
      |--> Configure S3 Storage    --> Enable Logging
      |                              |
      |--> Include Management Events --> Monitor Events
                                      |
                                  Audit Logs Ready!
```

1. **Open the CloudTrail Console** in the AWS Management Console. Even without a trail, **Event history** shows the last 90 days of management events; a trail is what retains them longer and delivers them somewhere you can query.

2. **Create a Trail:** click **Create trail** and provide a trail name.

3. **Configure S3 Storage:** choose (or let CloudTrail create) an S3 bucket for the log files. Restrict who can read and delete objects in that bucket; the logs are evidence, and an attacker with write access to the bucket can erase their tracks.

4. **Include Management Events:** keep **Management events** (read and write) enabled; IAM API calls are management events. IAM is a global service, so its events are delivered as global service events with `awsRegion` `us-east-1`; make sure the trail includes global service events, which a multi-region trail does by default.

5. **Review Logs in CloudTrail:** the bucket receives gzip-compressed JSON objects, each holding a `Records` array. Every record carries `eventSource` (`iam.amazonaws.com` for IAM calls), `eventName` (e.g. `CreateUser`, `AttachUserPolicy`, `CreateAccessKey`), `userIdentity`, `sourceIPAddress` and `eventTime`. Ship the trail to CloudWatch Logs or query it with Athena so that changes raise alerts instead of being found by reading files by hand.

#### **Assignment 6:**

**Objective:** Set up CloudTrail to monitor IAM activities.

**Steps:** Create a trail that logs management events, including global service events, to an S3 bucket; then attach a policy to a test user and find the corresponding `AttachUserPolicy` record in the logs.
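A small detection pass over CloudTrail records, as an added example (not AWS code): it parses a log file of the shape CloudTrail writes (a `Records` array of JSON events) and flags the IAM changes a reviewer would want to see first: root-user activity, policy attachments and access-key creation, a user granting themselves a policy, and any attachment of `AdministratorAccess`. The three records and the account ID are constructed for illustration; the watchlist of event names is this example's own choice, not an AWS-provided list. Real log objects are gzip-compressed, so in practice the text would come from `gzip.open(path, "rt").read()`.

```python
"""Flag notable IAM events in CloudTrail records (added example, not AWS code)."""
import json

# Event names that change who can do what. An opinionated watchlist, not an AWS list.
PRIVILEGE_EVENTS = {
    "AttachUserPolicy", "AttachRolePolicy", "AttachGroupPolicy",
    "PutUserPolicy", "PutRolePolicy", "PutGroupPolicy",
    "CreateAccessKey", "CreateLoginProfile", "UpdateAssumeRolePolicy",
    "DeactivateMFADevice", "AddUserToGroup",
}

# Constructed log file in CloudTrail's shape; field names are the real ones, values are made up.
SAMPLE_LOG_FILE = json.dumps({"Records": [
    {   # routine: developer1 lists buckets
        "eventVersion": "1.08", "eventTime": "2024-05-01T10:00:00Z",
        "eventSource": "s3.amazonaws.com", "eventName": "ListBuckets",
        "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"type": "IAMUser", "userName": "developer1", "accountId": "123456789012"},
    },
    {   # developer1 attaches AdministratorAccess to developer1
        "eventVersion": "1.08", "eventTime": "2024-05-01T10:05:00Z",
        "eventSource": "iam.amazonaws.com", "eventName": "AttachUserPolicy",
        "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"type": "IAMUser", "userName": "developer1", "accountId": "123456789012"},
        "requestParameters": {"userName": "developer1",
                              "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"},
    },
    {   # the root user creates an access key
        "eventVersion": "1.08", "eventTime": "2024-05-01T10:07:00Z",
        "eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
        "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.7",
        "userIdentity": {"type": "Root", "accountId": "123456789012"},
    },
]})


def parse_records(log_file_text: str) -> list:
    """A CloudTrail log object is a JSON document with a top-level 'Records' list."""
    return json.loads(log_file_text)["Records"]


def iam_findings(records: list) -> list:
    """Return one finding per record worth a look, in file order; routine records yield nothing."""
    findings = []
    for rec in records:
        ident = rec.get("userIdentity", {})
        actor = ident.get("userName") or ident.get("type")
        name = rec["eventName"]
        params = rec.get("requestParameters") or {}
        reasons = []
        if ident.get("type") == "Root":
            reasons.append("root user activity")
        if rec.get("eventSource") == "iam.amazonaws.com" and name in PRIVILEGE_EVENTS:
            reasons.append(f"privilege change: {name}")
        if name == "AttachUserPolicy" and params.get("userName") == ident.get("userName"):
            reasons.append("self-granted policy")
        if "AdministratorAccess" in str(params.get("policyArn", "")):
            reasons.append("AdministratorAccess attached")
        if reasons:
            findings.append({"time": rec["eventTime"], "actor": actor, "event": name,
                             "source_ip": rec.get("sourceIPAddress"), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in iam_findings(parse_records(SAMPLE_LOG_FILE)):
        print(finding["time"], finding["actor"], finding["event"], "|", "; ".join(finding["reasons"]))
```

The same conditions translate one-to-one into CloudWatch Logs metric filters or Athena `WHERE` clauses once the trail is delivered there; the point of running them here is to see which fields carry the signal before building the alert.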

### **How to create a role and let a specific IAM user assume it to elevate permissions**

The configuration steps below are done by an administrator (the original walkthrough used the root user; in practice use an administrative IAM identity and reserve the root user for the few tasks that require it).

Step 1:

    Create an IAM user with a custom password and attach the AmazonS3ReadOnlyAccess policy.

Step 2:

    Create a role named ManagerRole and attach the AmazonS3FullAccess policy.

Step 3:

    Sign in with the IAM user's credentials and use Switch Role (account ID plus the role name ManagerRole), or from the CLI run `aws sts assume-role --role-arn <role ARN> --role-session-name test`.

Step 4:

    The switch fails with an access denied error on sts:AssumeRole: the role's trust policy does not yet name the user, so IAM refuses to issue temporary credentials for the role.

Step 5:

    As the administrator, open the role, go to the Trust relationships tab, and add the user's ARN to the Principal element of the trust policy:

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::024848474675:user/navneet"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
```

Keep the Principal limited to the identities that actually need to assume the role. Listing a service principal such as `"Service": "s3.amazonaws.com"` alongside the user would let that service assume the role as well, which nothing in this exercise needs. Because the trust policy names the user directly, no identity-based policy granting `sts:AssumeRole` is required on the user; if the trust policy instead names the account (`arn:aws:iam::024848474675:root`), the user additionally needs an identity-based Allow for `sts:AssumeRole` on the role's ARN. After the change the user can switch to ManagerRole and gets AmazonS3FullAccess for that session while their own permissions stay read-only, and CloudTrail records the AssumeRole call under the user's identity.
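An offline check of the two conditions behind Step 4 and Step 5, as an added example (not AWS code and not how STS is implemented): a same-account `sts:AssumeRole` by an IAM user succeeds only if an Allow statement in the role's trust policy covers the caller as a principal, and, when the trust policy names the account root rather than the user, only if the caller's own identity-based policy also allows `sts:AssumeRole` on the role. The account ID and user name are taken from the article; the "before" trust policy assumes the role was created from the console's AWS service wizard for EC2, which the article does not state, and `Service` principals are modelled only as far as that needs.

```python
"""Same-account AssumeRole decision as a function (added example, not AWS/STS code)."""

ACCOUNT = "024848474675"                                   # account ID from the article
USER_ARN = f"arn:aws:iam::{ACCOUNT}:user/navneet"           # user from the article
ROLE_ARN = f"arn:aws:iam::{ACCOUNT}:role/ManagerRole"

# Assumed starting point: the console wizard wrote an EC2 service trust, so no user may assume it.
TRUST_BEFORE = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
                   "Action": "sts:AssumeRole"}],
}

# After Step 5: the user is named directly; no identity-based sts:AssumeRole permission needed.
TRUST_AFTER = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": {"AWS": USER_ARN},
                   "Action": "sts:AssumeRole"}],
}

# Alternative: trust the whole account and gate with an identity-based policy on the user.
TRUST_ACCOUNT = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:root"},
                   "Action": "sts:AssumeRole"}],
}
USER_CAN_ASSUME = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": ROLE_ARN}],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _aws_principals(principal):
    """The 'AWS' entries of a Principal element; '*' alone means everyone."""
    if principal == "*":
        return ["*"]
    return _as_list(principal.get("AWS", []))   # Service/Federated principals never cover IAM users


def _names_user(principal, caller_arn):
    return caller_arn in _aws_principals(principal)


def _trusts_account(principal, account):
    return any(p in ("*", account, f"arn:aws:iam::{account}:root") for p in _aws_principals(principal))


def can_assume(trust_policy, role_arn, caller_arn, identity_policies=()):
    """Return (allowed, reason) for an IAM user in the same account calling sts:AssumeRole."""
    account = caller_arn.split(":")[4]
    for stmt in trust_policy["Statement"]:
        if stmt["Effect"] != "Allow" or "sts:AssumeRole" not in _as_list(stmt["Action"]):
            continue
        if _names_user(stmt["Principal"], caller_arn):
            return True, "trust policy names the user directly"
        if _trusts_account(stmt["Principal"], account):
            # Account-level trust: the caller's own policies must also allow the call.
            for policy in identity_policies:
                for s in policy["Statement"]:
                    if (s["Effect"] == "Allow" and "sts:AssumeRole" in _as_list(s["Action"])
                            and role_arn in _as_list(s["Resource"])):
                        return True, "account trusted and identity policy allows sts:AssumeRole"
            return False, "account trusted but caller lacks sts:AssumeRole on the role"
    return False, "not trusted: AccessDenied on sts:AssumeRole"


if __name__ == "__main__":
    print("Step 4, before trust change:", can_assume(TRUST_BEFORE, ROLE_ARN, USER_ARN))
    print("Step 5, user named in trust:", can_assume(TRUST_AFTER, ROLE_ARN, USER_ARN))
    print("account trust, no identity policy:", can_assume(TRUST_ACCOUNT, ROLE_ARN, USER_ARN))
    print("account trust + identity policy:", can_assume(TRUST_ACCOUNT, ROLE_ARN, USER_ARN, (USER_CAN_ASSUME,)))
```

The account-trust variant is the one most teams end up with because it keeps the trust policy stable while individual users are granted or revoked through their own policies; the price is that every identity in the account that can obtain `sts:AssumeRole` on the role ARN, including one that can edit its own policies, can take the role.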


