Saturday 9 May 2020

Intro to Identity and Access Management: enabling MFA code authentication for the root user in AWS.

What is IAM?
 IAM allows you to manage users and their level of access to the AWS console.
 
Features of IAM:

1. Centralised control of your AWS account.
2. Shared access to your AWS account.
3. Granular permissions,
     which allow access to only the required services; services that are not needed can be restricted.
4. Identity federation (including Active Directory, Facebook, LinkedIn etc.)
  • Active Directory: a potential user can log in to the AWS account using the same credentials that are used to log in to a physical host.
  • Facebook: Facebook credentials are used in the case of gaming applications where some data is stored in an AWS account.
5. Support for multi-factor authentication.
6. Allows you to set up your password rotation policy (for example, every 3 months).

Key Terminology for IAM:

1. Users - end users.
2. Groups - a collection of users,
     where a set of authorizations is inherited by all the group members.
     Example: one set of users only needs access to S3 buckets;
              another set of users only needs access to EC2.
3. Policies - a JSON file that is used to give permissions as to what a user/group/role is able to do.
4. Roles - users can create roles and assign them to AWS resources to perform some task.
     Example: integration of EC2 with an S3 bucket.

Practical Steps:


1. Log in to the AWS console with your credentials.
2. Navigate to the section below:
   Services --> Security, Identity, & Compliance --> IAM



3. The screen in the screenshot below then appears,

where points 1, 2 & 3 in the screen are:
  1. This is the actual link that an AWS admin can share with their AWS end users to access the resources allocated to them.
  2. Customize option: using this option, the DNS name can be changed, provided the new name has not already been taken by anyone else. Suppose acloudguru2020ryan appears in the IAM link; you can use TESTIAM instead, and the link then changes to https://TESTIAM.signin.aws.amazon.com/console.
  3. The copy button is used to copy the https link and share it with the person concerned.




4. The very next step in the above screen is to activate MFA (multi-factor authentication) on your root account.
     This step is necessary because, even if someone has the AWS root user credentials, he or she will not be able to log in to the AWS account without the MFA passcode.

      To activate MFA for the root account:
  • Click on "Activate MFA on your root account" (as shown in the above screenshot).
5. The console then shows a few confirmation screens. Read and confirm them.


6. Click on Activate MFA as shown below.

7. Select the option highlighted below.

8. Then download the Google Authenticator app from the Play Store to generate passcodes.
9. Once the Google Authenticator app has been downloaded from the Play Store, click on Continue in the above screenshot.
  • For backup purposes, it is better to take a screenshot of the QR code below.
10. Open the Google Authenticator app now and click on the + sign as shown in the screenshot below.
11. Then, from the Google Authenticator app on the mobile, scan the AWS MFA QR code from point 9.
Then, in the Google Authenticator app, passcodes are generated back to back at a fixed interval of time, for example every 2 minutes. As per the 3rd point in the point 9 screenshot, enter 2 consecutive MFA codes from the Google Authenticator app.

12. Then click on Assign MFA.





13. A confirmation screen for the virtual MFA appears.


14. The Dashboard section now also shows the confirmation, with a green tick, as shown below:




MFA code authentication for the root user is thus configured successfully and completely. Creating new IAM users will be covered in my next post.
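
How the QR code and the two consecutive codes from steps 9 to 11 relate, as an added example that is not part of the original post and is not AWS's own code: the QR code carries a shared secret, the app derives each passcode from that secret and the current time (TOTP, RFC 6238), and two codes from adjacent time steps show that the device holds the secret and that its clock is in sync. Anyone holding a copy of the QR code can generate the same codes, so a backup screenshot has to be stored as carefully as a password. Assumptions: the RFC 6238 defaults of a 30-second step and 6 digits, a constructed sample secret, and a hypothetical `verify_enrollment` function standing in for the server-side check.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code: RFC 6238 default (assumption for this example)
DIGITS = 6   # code length shown by typical authenticator apps

# Constructed sample secret (the RFC 6238 test key), Base32-encoded the way
# an enrollment QR code carries it. Not a real AWS secret.
SAMPLE_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(secret_b32: str, unix_time: int) -> str:
    """Code the authenticator app displays at unix_time."""
    return hotp(base64.b32decode(secret_b32), unix_time // STEP)


def verify_enrollment(secret_b32, code1, code2, unix_time, drift_steps=2):
    """Hypothetical server-side check: accept only if code1 and code2 are the
    codes for two adjacent time steps close to the server's current time."""
    secret = base64.b32decode(secret_b32)
    now = unix_time // STEP
    for counter in range(now - drift_steps, now + drift_steps):
        first_ok = hmac.compare_digest(hotp(secret, counter), code1)
        second_ok = hmac.compare_digest(hotp(secret, counter + 1), code2)
        if first_ok and second_ok:
            return True
    return False


if __name__ == "__main__":
    t = 1111111109  # constructed timestamp (an RFC 6238 test time)
    first = totp(SAMPLE_SECRET_B32, t)
    second = totp(SAMPLE_SECRET_B32, t + STEP)
    print(first, second, verify_enrollment(SAMPLE_SECRET_B32, first, second, t + STEP))
```

Entering the same code twice, or the two codes in the wrong order, fails the check, which is why the console asks for two different codes one after the other.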