Day 8: AWS Identity and Access Management (IAM) 🚀


Introduction to IAM: Users & Groups 🌐

Welcome to Day 8 of our AWS Solutions Architect journey! Today, we're exploring AWS Identity and Access Management (IAM), a powerful global service that allows you to manage access to your AWS resources securely. Let's dive into the fundamentals, starting with users and groups:

IAM Overview

IAM is designed to handle identity and access management on a global scale. By default, AWS provides a root account, but it's a best practice to avoid using or sharing the root account for security reasons.

Users and Groups

  • Users: These are individuals within your organization, each having a unique identity. Users can be organized into groups for easier management.

  • Groups: Primarily a way to organize users. However, groups cannot contain other groups. A user can belong to multiple groups or none at all.

Example:

  • Alice, Bob, Charles, David, and Edward are individual users.

  • There are two groups: Developers and Operations.

  • Additionally, there's an Audit Team, represented by Fred.

Understanding IAM Permissions 🛡️

IAM's strength lies in its ability to assign permissions to users and groups through JSON-based policies. Here are the key concepts:

Policies

  • IAM policies are JSON documents specifying what actions are allowed or denied.

  • Applying the principle of least privilege is crucial. Only grant the permissions necessary for a user or group to perform their tasks.

Example Policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "elasticloadbalancing:Describe*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:ListMetrics",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:Describe*"
      ],
      "Resource": "*"
    }
  ]
}

IAM Policies in Action 🎬

Policies Inheritance

  • Policies can be attached directly to users or groups.

  • Users can inherit permissions from both attached policies and group memberships.

Example Diagram:

Alice, Bob, Charles, David, Edward
    ├── Developers (Group)
    ├── Operations (Group)
    ├── Audit Team (Group)
        ├── Fred (User)
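How inherited permissions combine, as an added example that is not part of the original post: a simplified evaluator that gathers a user's directly attached and group-inherited policies, then applies default deny, Allow on match, and explicit Deny overriding any Allow. The group memberships, the `EC2_POWER` and `NO_STOP` policies, and the function names are assumptions made for illustration; `Condition`, `NotAction`, and other policy types are not modelled.

```python
import re

# The read-only policy from this page, attached here to hypothetical groups.
READ_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
    {"Effect": "Allow", "Action": "elasticloadbalancing:Describe*", "Resource": "*"},
    {"Effect": "Allow", "Resource": "*", "Action": [
        "cloudwatch:ListMetrics", "cloudwatch:GetMetricStatistics", "cloudwatch:Describe*"]}]}
# Constructed policies, for illustration only.
EC2_POWER = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:StartInstances", "ec2:StopInstances"], "Resource": "*"}]}
NO_STOP = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "ec2:StopInstances", "Resource": "*"}]}

# Assumed memberships and attachments; the page names the users and groups only.
GROUP_POLICIES = {"Developers": [READ_ONLY], "Operations": [READ_ONLY, EC2_POWER],
                  "Audit Team": [READ_ONLY]}
USER_GROUPS = {"Alice": ["Developers"], "David": ["Operations"],
               "Charles": ["Developers", "Operations"], "Fred": ["Audit Team"]}
USER_POLICIES = {"Charles": [NO_STOP]}  # policy attached directly to one user

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(pattern, value, ignore_case=False):
    # IAM wildcards: '*' is any run of characters, '?' is exactly one character.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None

def effective_policies(user):
    """Policies attached to the user plus those inherited from every group."""
    inherited = [p for g in USER_GROUPS.get(user, []) for p in GROUP_POLICIES[g]]
    return USER_POLICIES.get(user, []) + inherited

def decide(user, action, resource="*"):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"                  # nothing matched: denied by default
    for policy in effective_policies(user):
        for stmt in _as_list(policy["Statement"]):
            if not any(_matches(a, action, True) for a in _as_list(stmt["Action"])):
                continue                       # action names compare case-insensitively
            if not any(_matches(r, resource) for r in _as_list(stmt["Resource"])):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"          # a matching Deny always wins
            decision = "Allow"
    return decision
```

Charles shows why group membership alone does not tell you what a user can do: Operations grants `ec2:StopInstances`, but the Deny attached directly to him overrides it.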

IAM Policies Structure

  • Policies consist of:

    • Version: Specifies the policy language version; always include "2012-10-17".

    • Id: An optional identifier for the policy.

    • Statement: The core of the policy, comprising one or more individual statements.

Statement Structure:

  • Sid: An optional identifier for the statement.

  • Effect: Determines whether the statement allows or denies access (Allow, Deny).

  • Principal: The account/user/role to which this policy applies.

  • Action: A list of actions allowed or denied by the policy.

  • Resource: A list of resources to which the actions apply.

  • Condition: Optional conditions for when the policy is in effect.
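A structural check built from the elements listed above, as an added example that is not from the original post: it validates an identity-based policy's top-level and statement elements and flags an Allow of every action on every resource as a least-privilege violation. The function name, the finding messages, and `SAMPLE_BAD` are constructed for illustration; the `Not*` element names are accepted because the IAM policy language also defines them.

```python
import json

ALLOWED_TOP = {"Version", "Id", "Statement"}
ALLOWED_STMT = {"Sid", "Effect", "Principal", "NotPrincipal", "Action", "NotAction",
                "Resource", "NotResource", "Condition"}

# Constructed sample with several mistakes (old version, admin wildcard, typos).
SAMPLE_BAD = '''{"Version": "2008-10-17", "Statement": [
  {"Sid": "Admin", "Effect": "Allow", "Action": "*", "Resource": "*"},
  {"Effect": "allow", "Actions": "s3:GetObject", "Resource": "*"}]}'''

def _as_list(value):
    return value if isinstance(value, list) else [value]

def lint_policy(text):
    """Return a list of findings for an identity-based policy given as JSON text."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["policy must be a JSON object"]
    findings = []
    if doc.get("Version") != "2012-10-17":
        findings.append('Version should be "2012-10-17"')
    findings += [f"unknown top-level element {k!r}" for k in sorted(doc.keys() - ALLOWED_TOP)]
    if "Statement" not in doc:
        return findings + ["missing Statement"]
    for i, stmt in enumerate(_as_list(doc["Statement"])):  # single object is accepted
        where = f"Statement[{i}] (Sid={stmt.get('Sid', 'none')})"
        findings += [f"{where}: unknown element {k!r}"
                     for k in sorted(stmt.keys() - ALLOWED_STMT)]
        if stmt.get("Effect") not in ("Allow", "Deny"):    # values are case-sensitive
            findings.append(f"{where}: Effect must be Allow or Deny")
        if "Action" not in stmt and "NotAction" not in stmt:
            findings.append(f"{where}: missing Action")
        if "Resource" not in stmt and "NotResource" not in stmt:
            findings.append(f"{where}: missing Resource")
        if (stmt.get("Effect") == "Allow" and "*" in _as_list(stmt.get("Action", []))
                and "*" in _as_list(stmt.get("Resource", []))):
            findings.append(f"{where}: Allow of every action on every resource "
                            "violates least privilege")
    return findings
```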

Conclusion 🚀

Understanding AWS IAM is fundamental to securing your cloud infrastructure. By grasping the concepts of users, groups, and policies, you lay the foundation for a robust and secure access management strategy. IAM's flexibility empowers you to implement the principle of least privilege effectively, ensuring your AWS resources stay secure and accessible only to those who need them. Happy IAM-ing!
