AWS IAM Workflow

Source: cloudanix
Let us first define the elements of the IAM workflow to better understand how it works.
The IAM workflow has the following six elements:
- A principal is an entity that executes actions on an AWS resource. A role, a user, or an application can be a principal.
- Actions are used to create, view, delete or edit a resource.
- Resources: The objects in your AWS account on which a set of actions can be performed.
- Authentication confirms the identity of the principal trying to access an AWS product. To authenticate, the principal must provide its required keys or credentials.
- Request: A principal sends a request to AWS specifying the action and the resource on which it should be performed.
- Authorization: Access to all resources is denied by default. IAM authorizes a request only if all parts of the request are allowed by a matching policy. After authenticating and authorizing the request, AWS approves the action.
AWS IAM generally performs two tasks:
- IAM ensures that the user, software, or hardware is who they say they are by checking their credentials against a database. IAM cloud identity tools are more secure and flexible than traditional username and password solutions.
- Identity access management techniques grant only the appropriate level of access. Rather than a username and password granting entry to a full software suite, IAM allows narrow slices of access to be handed out, e.g., editor, viewer, and commenter in a content management system.
Features of AWS IAM
The features of AWS IAM are as follows:
- Shared access to the AWS account
Users can share data for collaborative projects. You can create separate usernames and passwords for individual users or resources and delegate access.
Permissions can be set so that a user may use a particular service but not other services, and policies can deny the user the ability to update information.
- Multifactor authentication
AWS provides multifactor authentication: to log in to the AWS Management Console, we must enter a security code in addition to the username and password.
AWS IAM is a feature of the AWS account offered at no additional charge. There is no additional charge for creating other users, groups, or policies.
- Supports PCI DSS Compliance
The Payment Card Industry (PCI) Data Security Standard (DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes. IAM supports this standard.
Components of AWS IAM
There are mainly four components of IAM:
Users
An IAM user is an identity with associated credentials and permissions. It can be an actual person, or it can be an application. You can securely manage access to AWS services by creating an IAM user name for each employee in your organization.
Groups
An IAM group is a collection of IAM users. We can use it to assign permissions to multiple users at once, so that any permissions applied to the group also apply to the individual users in that group. Managing groups is relatively easy: we set permissions for the group, and all the users in the group automatically receive them.
Roles
An IAM role defines what an entity is allowed and denied in AWS. It is similar to a user, and it can be used by any type of entity. A role's permissions come with temporary credentials. For example, you may want to authorize a mobile app to use AWS resources without saving a key, password, or other credentials in it.
Policies
An IAM policy sets permissions and controls access to AWS resources. Policies are stored as JSON documents in AWS. Permissions specify who has access to the resources and what actions they can perform.
For example, a policy can allow users to manage a single Amazon S3 bucket while denying every other AWS action and resource. AWS customers can also create their own managed policies.
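A simplified model of the authorization step and the single-bucket policy described above, added here as an illustration; it is not AWS's evaluation engine and not code from the original article. The bucket name `example-bucket` and the function names are assumptions, and only identity-based Allow/Deny statements without conditions are evaluated.

```python
import json
import re

# Constructed policy (assumption): full S3 access to the hypothetical bucket
# "example-bucket", explicit deny for every non-S3 action outside that bucket.
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "s3:*",
   "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
  {"Effect": "Deny", "NotAction": "s3:*",
   "NotResource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]}
]}
""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value, ignore_case=False):
    # IAM wildcards: * matches any run of characters, ? exactly one character.
    flags = re.IGNORECASE if ignore_case else 0
    for pat in _as_list(patterns):
        regex = re.escape(pat).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(regex, value, flags):
            return True
    return False

def _applies(stmt, action, resource):
    # A statement names Action or NotAction, and Resource or NotResource.
    if "Action" in stmt:
        action_ok = _matches(stmt["Action"], action, ignore_case=True)
    else:
        action_ok = not _matches(stmt["NotAction"], action, ignore_case=True)
    if "Resource" in stmt:
        resource_ok = _matches(stmt["Resource"], resource)
    else:
        resource_ok = not _matches(stmt["NotResource"], resource)
    return action_ok and resource_ok

def authorize(policies, action, resource):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"  # every request starts out denied
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not _applies(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"  # an explicit deny overrides any allow
            decision = "Allow"
    return decision
```

Calling `authorize([POLICY], "s3:GetObject", "arn:aws:s3:::other-bucket/key")` returns `ImplicitDeny`: no statement denies the request, but none allows it either, so the default applies.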
Now that you have some idea of AWS IAM, we will close the article with FAQs.
FAQs
What is IAM, and how does it work?
Identity and access management (IAM) ensures that the right people and job roles in your organization can access the tools they need to do their jobs. Identity management and access systems allow your organization to manage employee apps without logging into each app as an administrator.
How do IAM policies work?
IAM policies define permissions for an action regardless of the method you use to perform it. For example, if a policy allows the GetUser action, a user with that policy can get user information from the AWS Management Console, the AWS CLI, or the AWS API.
What is the difference between Azure AD and IAM?
According to Microsoft documentation, Azure AD is an identity management service, and IAM is used for access control. Azure AD is responsible for authentication, and Azure IAM is responsible for authorization.
What is the job of an IAM role?
An IAM role is an identity that you can create in your account with specific permissions. An IAM role is similar to an IAM user: it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS.
How does IAM work in GCP?
IAM lets you grant granular access to specific Google Cloud resources and helps control access to other resources. IAM allows you to adopt the security principle of least privilege, which states that nobody should have more permissions than they need.
Conclusion
In this article, we have extensively discussed AWS IAM, its features, workflow, and various components.