IAM and Shared Security
What is IAM?
IAM is the identity and access management of the AWS console. It is important because it serves as a critical component in the shared security principle of the cloud. You will want to make sure to get to know IAM and why it matters for your organization if you are planning on moving a portion of your environment to the cloud.
Identity and access management seems trivial until it isn’t.
In an era of hacks, leaks, and corporate sabotage, you want to make sure that you have your bases covered. For instance, imagine that you are a solutions architect, and you’re in charge of creating a solution that deals with a shared service for hosting containers for more than ten customers on Amazon ECS.
You want to make sure that each customer can access their data without having access to other account-related data.
What do you do?
You would use IAM roles with ECS tasks to configure the best solution.
IAM, much like the rest of the AWS console, can become full of nuance. But it proves to be very useful in keeping in line with safety in AWS resources. This web service lets you control users, groups, and user permissions for your AWS services.
One can access it through the AWS CLI, the AWS SDKs, and through the AWS management console.
The Master Account
Remember that the initial account, also known as the master account, is the one that can make changes at all levels. The master user has a top-level view of everything that goes on.
It is an account that can create IAM users, IAM groups, and it can grant access and deny it via rules and policies.
It is best to set up your root account and then create an admin account that you use to navigate and control other accounts.
Secure and protect the root credentials at all costs.
Next, IAM users must authenticate and then find authorization before accessing services in the AWS cloud. Remember that users do not get access to anything by default. The admin account must configure access for newly added users and resources.
Master accounts or admins would set policies (JSON documents) that explicitly state what an user can or can’t do.
One significant aspect about IAM roles in AWS is that it allows user to have more access on certain conditions. This means that you can set rules for a user and then have roles for specific activities that you can attach to users at will. IAM roles in AWS helps because it can get to become a hassle if you must go in and change user access permissions regularly based on different tasks.
IAM and Simplicity
IAM roles make life easier for admins. As an organization grows, admins must organize and define the privileges of each member in a more a streamlined manner.
Yassir from Okta states it well when he says that the purpose of IAM is to “grant access to the right enterprise assets to the right users in the right context, from a user’s system onboarding to permission authorizations to the offboarding of that user as needed in a timely fashion.”