Hello All
With IAM, we can centrally manage permissions that control which AWS resources users can access. We use IAM to control who is authenticated (signed in) and authorised (has permissions) to use resources.
When you create an AWS account, you begin with one sign-in identity that has complete access to all AWS services and resources in the account. This identity is called the AWS account root user and is accessed by signing in with the email address and password that you used to create the account.
IAM is mainly used for user management and permissions in AWS. With IAM we can manage:
- User Groups
- Roles
- Policies or Permissions
- AWS Command Line Interface [CLI]
- Access key / Secret Access Key
- User to service communications
- Service to service Communications
- Multi-factor authentication [MFA]
IAM in AWS is a global service and is not specific to any region.
Create a user group - we will create the group and add users to it later.
This group manages full access to EC2 services alone. Members of this group can access only EC2 services, and not any other services such as S3.
Add the users to the group without console access. We can enable console access later as well.
Select the group
Click Next and create group
Create another user with console access and assign the permission directly
Save this info
How to log in to the AWS console with the newly created account "Ravi"
Step 1: Make a note of the AWS account ID in IAM
Log in at https://console.aws.amazon.com/console/home
Enter the 12-digit account ID
and enter your user name and password
Now you are logged in to the AWS console as Ravi and are able to access only EC2 services.
He can create, delete and manage EC2 instances because he has been given full permission for EC2 in IAM; however, he cannot access other services in AWS, such as S3 buckets.
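Why Ravi gets EC2 but is refused S3 comes down to how IAM evaluates identity policies: everything is denied by default, an Allow opens only the actions it names, and an explicit Deny overrides any Allow. The sketch below is an added example, not code from this post or from AWS; it goes slightly beyond the walkthrough by including an explicit Deny. The policy documents are constructed and simplified, the group name `ec2-admins` and the second user are hypothetical, and only identity policies are modelled (no conditions, permission boundaries or organization policies).

```python
from fnmatch import fnmatchcase

# Constructed, simplified policy documents (not the text of any AWS managed policy).
EC2_FULL = {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]}
NO_TERMINATE = {"Version": "2012-10-17",
                "Statement": [{"Effect": "Deny", "Action": ["ec2:TerminateInstances"],
                               "Resource": "*"}]}

GROUPS = {"ec2-admins": [EC2_FULL]}                  # hypothetical group name
RAVI = {"groups": [], "policies": [EC2_FULL]}        # permission attached directly
MEMBER = {"groups": ["ec2-admins"], "policies": [NO_TERMINATE]}  # hypothetical user

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value, fold_case=False):
    """Wildcard match; action names are case-insensitive, resource ARNs are not."""
    patterns = _as_list(patterns)
    if fold_case:
        value, patterns = value.lower(), [p.lower() for p in patterns]
    return any(fnmatchcase(value, p) for p in patterns)

def effective_policies(user, groups):
    """Identity policies for a user: directly attached plus those of each group."""
    policies = list(user["policies"])
    for name in user["groups"]:
        policies.extend(groups[name])
    return policies

def evaluate(policies, action, resource="*"):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for a single request."""
    decision = "ImplicitDeny"          # nothing is allowed until a policy says so
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not _matches(stmt["Action"], action, fold_case=True):
                continue
            if not _matches(stmt.get("Resource", "*"), resource):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"  # an explicit deny always wins
            decision = "Allow"
    return decision

if __name__ == "__main__":
    for who, user in (("Ravi", RAVI), ("member", MEMBER)):
        for action in ("ec2:RunInstances", "ec2:TerminateInstances", "s3:ListBucket"):
            print(who, action, evaluate(effective_policies(user, GROUPS), action))
```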
This is called user-to-service communication. In the next blog posts, we will see how to access the AWS CLI (Command Line Interface) with IAM. Happy Learning 😃