Working with AWS IAM Service

Prerequisites

1.AWS Account: Ensure you have an active AWS account.

IAM Permissions: You need sufficient permissions to create IAM users, roles, and groups.
MFA Device: Set up Multi-Factor Authentication (MFA) for enhanced security.


This content originally appeared on DEV Community and was authored by Git-Geetansh

Prerequisites

1.AWS Account: Ensure you have an active AWS account.

  1. IAM Permissions: You need sufficient permissions to create IAM users, roles, and groups.
  2. MFA Device: Set up Multi-Factor Authentication (MFA) for enhanced security.

Security Best Practices

  1. Use MFA: Enable MFA for all IAM users to add an extra layer of security.
  2. Least Privilege Principle: Grant only the permissions necessary for users to perform their tasks.
  3. Regular Audits: Regularly review and remove unused IAM users, roles, and permissions.
  4. Strong Password Policies: Enforce strong password policies for all IAM users.
  5. Temporary Credentials: Use temporary credentials for applications and services instead of long-term access keys12.

Steps to Create IAM User, Role, and Group

1. Login to AWS Console

  • Navigate to the AWS Management Console.
  • Enter your credentials and complete MFA if enabled. AWS management console 2. Create IAM Group
  • In the IAM dashboard, click on User Groups > Create New Group.
  • Enter a group name.
  • Attach policies to the group to define permissions.
  • Review and create the group.

Example Use Case: Create a group named Developers and attach the AmazonEC2FullAccess policy. Add all developer IAM users to this group to manage EC2 instances without needing to assign permissions individually.
IAM groups

3. Create IAM User

  • In the IAM Service, Click on Users > Add user.
  • Enter a username and select the type of access (Programmatic access, AWS Management Console access). IAM USer
  • Set permissions by attaching policies directly or adding the user to a group.(Here we are adding user to the group created in the previous step)adding user toGroup
  • Review and create the user. Download the .csv file with access keys if programmatic access is enabled.

Example Use Case: An IAM user named John-Doe is created for a new developer joining your team. This user is granted programmatic access to interact with AWS services via the AWS CLI.

4. Create an IAM Role

  • Open the IAM Console:
  • Create Role: In the navigation pane, choose Roles and then Create role.
  • Select Trusted Entity: Choose AWS service and select EC2. Creating a role for ec2
  • Attach Policies: Choose Next: Permissions. Attach a policy like AmazonS3FullAccess. attach policy
  • Role Name: Enter a Role name (e.g., S3AccessRole) and choose Create role. JSON policy this is how a policy looks like in JSON

5. Create an S3 bucket

  • Create an s3 bucket that we will access through the ec2 instance.
  • ACLs : Disabled
  • Unblock all public access.
  • Upload a few images to s3 bucket creating an s3 bucket

6. accessing s3 bucket using ec2 instance

  • launch an ec2 instance that will be used to access the s3 bucket.
  • use an ssh agent like (Putty/Mobaxterm) to connect to you instance. (steps for the above are depicted in my other posts)
  • modify the IAM role of the instance by selecting the instance > security > modify IAM role attach the role we created earlier. attaching the role

7. Install AWS CLI (if not already installed)

  • Install AWS CLI:
  • If the AWS CLI is not installed, you can install it using the following
    commands:
    sudo yum update -y
    sudo yum install aws-cli -y

  • Configure AWS CLI:

  • You don’t need to configure the AWS CLI with access keys because the
    instance will use the IAM role. However, you can verify the
    configuration:

aws configure

  • Leave the access key and secret access key fields empty and set the
    default region and output format.

  • Access the S3 Bucket

  • List Buckets:

  • Verify that you can list your S3 buckets:

aws s3 ls

  • Access Your Specific Bucket:
  • List the contents of your specific bucket:

aws s3 ls s3://your-bucket-name

AWS CLI

  • You can also copy files to and from the bucket. For example, to copy a file from your bucket to your instance:

aws s3 cp s3://your-bucket-name/your-file.txt /path/to/destination

Conclusion

In this project, we successfully demonstrated how to manage AWS Identity and Access Management (IAM) by creating an IAM user, role, and group. We also explored how to assign an IAM role to an EC2 instance to enable it to access an S3 bucket. These tasks are fundamental for ensuring secure and efficient management of AWS resources, which is crucial for any cloud-based project.


This content originally appeared on DEV Community and was authored by Git-Geetansh


Print Share Comment Cite Upload Translate Updates
APA

Git-Geetansh | Sciencx (2024-09-11T13:35:10+00:00) Working with AWS IAM Service. Retrieved from https://www.scien.cx/2024/09/11/working-with-aws-iam-service/

MLA
" » Working with AWS IAM Service." Git-Geetansh | Sciencx - Wednesday September 11, 2024, https://www.scien.cx/2024/09/11/working-with-aws-iam-service/
HARVARD
Git-Geetansh | Sciencx Wednesday September 11, 2024 » Working with AWS IAM Service., viewed ,<https://www.scien.cx/2024/09/11/working-with-aws-iam-service/>
VANCOUVER
Git-Geetansh | Sciencx - » Working with AWS IAM Service. [Internet]. [Accessed ]. Available from: https://www.scien.cx/2024/09/11/working-with-aws-iam-service/
CHICAGO
" » Working with AWS IAM Service." Git-Geetansh | Sciencx - Accessed . https://www.scien.cx/2024/09/11/working-with-aws-iam-service/
IEEE
" » Working with AWS IAM Service." Git-Geetansh | Sciencx [Online]. Available: https://www.scien.cx/2024/09/11/working-with-aws-iam-service/. [Accessed: ]
rf:citation
» Working with AWS IAM Service | Git-Geetansh | Sciencx | https://www.scien.cx/2024/09/11/working-with-aws-iam-service/ |

Please log in to upload a file.




There are no updates yet.
Click the Upload button above to add an update.

You must be logged in to translate posts. Please log in or register.