To study and implement Identity and Access Management (IAM) practices on AWS Cloud



Outcome: To understand the working of Identity and Access Management (IAM) in cloud computing and to demonstrate a case study based on Identity and Access Management (IAM) on the AWS/Azure cloud platform.


Hello everyone, today we are going to learn how to implement Identity and Access Management (IAM) in AWS Cloud.


In companies, there is a need for data abstraction: each person should see only what their job requires. A data scientist only needs to read the data for business analysis. An accountant only needs to check the AWS billing, and a developer working on EC2 instances doesn't need to access the billing. For this reason, AWS has the IAM service, with which the company's manager can allot only specific services to his friends or employees.


You can also click on the image and skim through the article for instructions.


Steps to Implement IAM services in AWS

1. Open AWS Cloud Console

2. Search For IAM

3. Click on User Groups in the access management dropdown

4. Click on Create Group

5. Give a group name and add the group policies

6. Click on Users in the access management dropdown

7. Click on Add users

8. Add a username and a password

9. Select the User Group which we created earlier

10. Checking the Credentials


1. Open AWS Cloud Console

At first, we will open the AWS Cloud Console. We are signed in with the root account of AWS, so we can access all the services from here. We will now implement IAM so that only a few AWS resources are available in the IAM user's console.

We have opened the AWS Cloud Console

2. Search For IAM

Search for IAM and click on IAM. IAM is used to manage the users who can access the services.

Search for IAM and Click on IAM

3. Click on User Groups in the Access Management Dropdown

Now we are in the Identity and Access Management (IAM) console of AWS. We first need to create a group in IAM. To do that, we need to click on User groups in the Access management dropdown of the left navigation bar (as shown in the picture).


What is a group in IAM services of AWS?

A group is a collection of IAM users who share the same access policies. It can be defined for any particular department in your company. For example, a group called ec2 can be created for all the backend developers working on the EC2 instances of the project.

Click on user groups

4. Click on Create Group

Click on Create Group

5. Give a group name and add the group policies

We will give a name to our group. Here we are using ec2 as the name because our user group can access all the services of EC2 instances.

give a name to the user group

Next we need to select the policies. We are selecting the AmazonEC2FullAccess policy for our user group. Then click on Create group to create the group.

Select AmazonEC2FullAccess for EC2 access for the user group

6. Click on Users in the access management dropdown

So far, we have successfully created an ec2 user group. Here, we have created the group for the backend developers. Now we need to add the users to that group. For that purpose, we will click on Users.


"It's similar to creating a WhatsApp group first and then adding the members to the group"

ec2 group created now click on users to add users

7. Click on Add users

We will click on add users to add users to the user group.

Click on add users

8. Add a username and a password

Give a username to the user. Here we are adding a user with permission to access the AWS Management Console, so we will click on the second option of credential type, i.e. Password.

a) Give a Username

b) Click on Password

c) Select Autogenerated password

d) Click on Next


We are selecting reset password on login. The user will need to change the password when he tries to log in for the first time.

Add a username and select Autogenerated password

9. Select the User Group which we created earlier

Now we will select the ec2 user group which we created earlier.

Select the user group ec2

Adding tags is an optional step. Tags can be used to quickly access the username. Here we are skipping this step.

skip the tags

Review your settings and click on create user.

Click on Create User after reviewing the parameters

We have created the IAM user account named blockchainuser. Save the password by downloading the .csv file which contains the user credentials.


Now we will try to log in to this account to check whether the IAM credentials are working or not.


Click on the blue link which is at the bottom of the success window.

blockchainuser is created. Download csv file or view the password for first time login


10. Checking the Credentials

Now we need to check the credentials which we have created. We are now on the AWS login screen.


We need to select IAM user. If you have clicked the link, the information will be prefilled with your account ID. I have removed that for security purposes.


Login to check the working of IAM credentials

We need to reset the password after we have entered the login details.

Reset the login credentials

We have successfully logged into the AWS console using the blockchainuser credentials and changed the password. On the top right we can see that the current login is blockchainuser.

We have logged in using blockchainuser IAM credentials

Now we will visit the EC2 console to check whether we can access the EC2 instances using the blockchainuser IAM account.

The blockchainuser can access the EC2 instances

Now we will check whether we can view the billing console of AWS. From the screenshot below, you can see that although we are in the billing console, we cannot see the bill, as we don't have the permission to do so.

The iam user cannot access the billing as we have only given the EC2 access to the user
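
Why step 10 turns out this way, as an added example that is not part of the original post: a small local model of how group-attached IAM policies are evaluated, showing that a request with no matching Allow is denied by default and that an explicit Deny overrides an Allow. Assumptions: the policy documents, the sample ARN and NO_TERMINATE_POLICY are constructed for illustration (the real AmazonEC2FullAccess policy contains more statements), ce:GetCostAndUsage stands in for a billing-side request, and conditions, permission boundaries and organization-level policies are left out.

```python
import re

# Constructed, simplified stand-in for the permissions of the tutorial's "ec2"
# group (assumption: the real AmazonEC2FullAccess policy has more statements).
EC2_GROUP_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]}
# Hypothetical guardrail, used only to show that an explicit Deny beats an Allow.
NO_TERMINATE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "ec2:TerminateInstances", "Resource": "*"}]}
GROUP_POLICIES = {"ec2": [EC2_GROUP_POLICY]}   # group name -> attached policies
USER_GROUPS = {"blockchainuser": ["ec2"]}      # user name -> group memberships
SAMPLE_ARN = "arn:aws:ec2:us-east-1:111122223333:instance/i-0example"  # constructed


def _matches(patterns, value, flags=0):
    """True if value matches any IAM-style pattern ('*' and '?' are wildcards)."""
    if isinstance(patterns, str):
        patterns = [patterns]
    for pattern in patterns:
        regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(regex, value, flags):
            return True
    return False


def evaluate(user, action, resource=SAMPLE_ARN):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"  # default: denied until some statement allows it
    for group in USER_GROUPS.get(user, []):
        for policy in GROUP_POLICIES.get(group, []):
            for stmt in policy["Statement"]:
                # Action names are case-insensitive; resource ARNs are matched as-is.
                if not (_matches(stmt["Action"], action, re.IGNORECASE)
                        and _matches(stmt["Resource"], resource)):
                    continue
                if stmt["Effect"] == "Deny":
                    return "ExplicitDeny"  # an explicit Deny always wins
                decision = "Allow"
    return decision


if __name__ == "__main__":
    for act in ("ec2:DescribeInstances", "ce:GetCostAndUsage"):
        print("blockchainuser", act, "->", evaluate("blockchainuser", act))
    GROUP_POLICIES["ec2"].append(NO_TERMINATE_POLICY)
    print("blockchainuser ec2:TerminateInstances ->",
          evaluate("blockchainuser", "ec2:TerminateInstances"))
```

The billing request is refused without any Deny statement being written: the ec2 group simply never allowed it.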

Conclusion

We have implemented IAM services in Amazon Web Services. We now know how to give specific groups of users permission to access only specific AWS resources.


Feel Free to ask any questions in the comment section.


Any Questions????


