This content originally appeared on DEV Community and was authored by Ayesha Arshad
Identity and Access Management is one of the major components of the Triads of AWS Cloud Security. AWS is a vast collection of over 200 Web Services. And these Web Services are interacted with using API calls. Identity and Access Management provides the means to Authenticate, Secure and Authorize these API calls.
These API calls are either made by Users or other Digital Entities (other Applications or AWS Resources themselves). And Identity and Access Management help authenticate and authorize them all.
Morphology
Identity and Access Management (IAM) consists of two sections:
- I(Identity)-Authentication: Authenticates the requester either a Human entity (User) or Digital Entity (other Applications or AWS Resources).
- AM(Access Management)-Authorization: Helps you secure access to AWS Cloud Resources.
IAM Identities
IAM identities are a way to authenticate the API caller. These identities include:
- Users
- Groups
- Roles
API calls are made via three main mediums:
- AWS Console
- AWS Command Line Interface (CLI)
- AWS Language-based Tools and SDKs (like BOTO3, Terraform or Node-Red)
Types of IAM Policies
IAM Policies can be categorized into two types based on Actors:
- Identity-based Policies: Describes what an identity (users, groups and roles) has access to.
- Permission Boundary: Describes the maximum amount of access an Identity-based Policy can provide to an identity. Access of an entity to a resource is decided if allowed by both Identity-based Policy and Permission boundary.
- Resource-based Policies: Describes who has access to a specific resource.
A further classification of Identity-based Policies include two types:
- AWS Managed Policies: These policies are pre-designed by AWS and just need to be attached to users.
- Customer Managed Policies: Customer Managed Policies are a customer-specific combination of permission sets and they can be attached to any entity(users, groups and roles).
- Inline Policies: Inline Policies are also a kind of customer-managed policy but they are limited to the scope of a specific user or role.
This content originally appeared on DEV Community and was authored by Ayesha Arshad
Ayesha Arshad | Sciencx (2022-04-22T16:43:53+00:00) All you need to know about AWS Identity and Access Management (IAM). Retrieved from https://www.scien.cx/2022/04/22/all-you-need-to-know-about-aws-identity-and-access-management-iam/
Please log in to upload a file.
There are no updates yet.
Click the Upload button above to add an update.