Outcome: To understand how Identity and Access Management (IAM) works in cloud computing, and to demonstrate a case study of IAM on the AWS/Azure cloud platforms.
Hello everyone, today we are going to learn how to implement Identity and Access Management (IAM) in AWS Cloud.
In companies there is a need to separate access by role, the principle of least privilege. A data scientist only needs to read data for business analysis. An accountant only needs to check the AWS billing, and a developer working on EC2 instances does not need access to billing at all. For this reason AWS provides the IAM service, in which the account administrator can grant each employee access to only the specific services their job requires.
Steps to Implement IAM services in AWS
1. Open AWS Cloud Console
First, we will open the AWS Cloud Console. We are signed in as the root user of the AWS account, so we can access all services from here. (Security note: AWS recommends protecting the root user with MFA and using it only for the few tasks that require it; day-to-day administration, including creating IAM users, is better done from an IAM identity with administrator permissions.) We will now use IAM to allow only a few AWS resources to be used from the IAM user's console.
2. Search For IAM
Search for IAM and click on IAM. IAM is used to manage the users and the permissions that decide which services they can access.
3. Click on User Groups in the Access Management Dropdown
Now we are in the Identity and Access Management (IAM) console of AWS. We first need to create a group in IAM. To do that, click on User groups in the Access Management dropdown of the left navigation bar (as shown in the picture).
What is a group in IAM services of AWS?
A group is a collection of IAM users that share the same permissions: every policy attached to the group applies to each user in it. A group can be defined for any particular department in your company. For example, a group called ec2 can be created for all the backend developers working on the EC2 instances of the project.
4. Click on Create Group
5. Give a group name and add the group policies
We will give a name to our group. Here we are using ec2 as the name because our user group will be able to access all EC2 services.
Next we need to select the policies. We are selecting the AmazonEC2FullAccess policy for our user group. This is an AWS managed policy that grants every EC2 action (plus the related Elastic Load Balancing, CloudWatch and Auto Scaling actions). It is convenient for a demo; for production, prefer a narrower policy such as AmazonEC2ReadOnlyAccess or a custom policy listing only the actions the team needs. Then click on Create group to create the group.
6. Click on Users in the access management dropdown
So far, we have successfully created an ec2 user group for the backend developers. Now we need to add users to that group. For that purpose, we will click on Users.
"It's similar to creating a WhatsApp group first and then adding the members to the group."
7. Click on Add users
We will click on Add users to add users to the user group.
8. Add a username and a password
Give a username to the user. Here we are adding a user who will sign in to the AWS Management Console, so we will click on the second credential type, Password.
a) Give a Username
b) Click on Password
c) Select Autogenerated password
d) Click on Next
We are selecting "reset password on login". The user will be required to change the password when they sign in for the first time, so the autogenerated password never stays in use.
9. Select the User Group which we created earlier
Now we will select the ec2 user group which we created earlier.
The next step, adding tags, is optional. Tags are key/value pairs (for example department or project) that help you find and organise users, and they can also be referenced in policies. Here we are skipping this step.
Review your settings and click on Create user.
We have created the IAM user account named blockchainuser. Save the password by downloading the .csv file which contains the user's credentials. The file holds the console password in plain text, so pass it to the user over a secure channel and delete it afterwards; the user will have to change the password at first sign-in anyway.
Now we will try to sign in to this account to check whether the IAM credentials are working.
Click on the blue link at the bottom of the success window.
10. Checking the Credentials
Now we need to check the credentials which we have created. We are on the AWS sign-in screen.
We need to select IAM user. If you have clicked the link, the account ID will be prefilled. I have removed that for security purposes.
After entering the details, we are asked to reset the password.
We have successfully signed in to the AWS console using the blockchainuser credentials and changed the password. At the top right we can see that the current sign-in is blockchainuser.
Now we will visit the EC2 console to check whether we can access the EC2 instances using the blockchainuser IAM account.
Now we will check whether we can view the AWS billing console. From the screenshot below, you can see that although we can open the billing console, we cannot see the bill because we do not have permission to do so: the only policy attached is AmazonEC2FullAccess, and any action that is not explicitly allowed is implicitly denied.
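To make the two outcomes of step 10 (EC2 allowed, billing denied) concrete, here is a small evaluator for IAM identity-based policies. It is an added example, not code from the original article or from AWS: the policy documents are constructed for the demo (the first is shaped like AmazonEC2FullAccess but is an assumption, since the real managed policy carries more statements), and the `evaluate` and `audit` functions are hypothetical helpers that model only Action/Resource wildcards and the Allow/Deny decision order, not Conditions, NotAction, resource policies, SCPs or permission boundaries. It goes one step beyond the article by also showing a least-privilege alternative with an explicit Deny, and what happens when both policies are attached to the same user.

```python
"""Simplified IAM identity-policy evaluator (added example, not AWS code).

Models: Action/Resource wildcards and the decision order
  explicit Deny > explicit Allow > implicit Deny.
Not modelled: Condition, NotAction/NotResource, resource policies,
service control policies, permission boundaries.
"""
import fnmatch


# Constructed policy document shaped like the AmazonEC2FullAccess managed
# policy (assumption: the real policy contains more statements than these).
EC2_GROUP_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
        {"Effect": "Allow", "Action": "elasticloadbalancing:*", "Resource": "*"},
        {"Effect": "Allow", "Action": "cloudwatch:*", "Resource": "*"},
        {"Effect": "Allow", "Action": "autoscaling:*", "Resource": "*"},
    ],
}

# Constructed least-privilege alternative for backend developers: read EC2,
# start/stop instances, and explicitly deny termination and billing access.
DEVELOPER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["ec2:Describe*", "ec2:StartInstances", "ec2:StopInstances"],
         "Resource": "*"},
        {"Effect": "Deny",
         "Action": ["ec2:TerminateInstances", "aws-portal:*"],
         "Resource": "*"},
    ],
}


def _as_list(value):
    """IAM accepts a single string or a list for Statement/Action/Resource."""
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    """Action names match case-insensitively with * and ? wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def _resource_matches(pattern, resource):
    """Resource ARNs match case-sensitively with the same wildcards."""
    return fnmatch.fnmatchcase(resource, pattern)


def evaluate(policies, action, resource="*"):
    """Return "Allow" or "Deny" for one request against a list of policies.

    An explicit Deny in any matching statement wins outright; otherwise any
    matching Allow grants the request; otherwise it is implicitly denied,
    which is the default for every action (this is why billing is refused).
    """
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            actions = _as_list(stmt.get("Action", []))
            resources = _as_list(stmt.get("Resource", []))
            if not any(_action_matches(p, action) for p in actions):
                continue
            if not any(_resource_matches(p, resource) for p in resources):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"       # explicit deny: stop immediately
            allowed = True          # remember the allow, keep looking for denies
    return "Allow" if allowed else "Deny"


def audit(policies, actions):
    """Map each action to its decision, to review what a group can really do."""
    return {action: evaluate(policies, action) for action in actions}


if __name__ == "__main__":
    checks = ["ec2:DescribeInstances", "ec2:TerminateInstances",
              "aws-portal:ViewBilling", "iam:CreateUser"]
    print("ec2 group (AmazonEC2FullAccess-like):", audit([EC2_GROUP_POLICY], checks))
    print("developer least-privilege policy:    ", audit([DEVELOPER_POLICY], checks))
    # Both attached: the explicit Deny in DEVELOPER_POLICY overrides ec2:*.
    print("both attached:                       ",
          audit([EC2_GROUP_POLICY, DEVELOPER_POLICY], checks))
```

Against a real account the same question is answered by the IAM Policy Simulator in the console, or by `aws iam simulate-principal-policy` with the user's ARN and a list of action names, which evaluates the full rule set this toy model omits.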
We have implemented IAM in Amazon Web Services. We now know how to give specific groups of users permission to access only specific AWS resources.
Feel Free to ask any questions in the comment section.