1) IAM Introduction: Users, Groups, Policies – AWS Certified Solutions Architect Associate Course SAA-C02

1) IAM Introduction: Users, Groups, Policies – AWS Certified Solutions Architect Associate Course SAA-C02 – IAM & AWS CLI– Welcome to the first deep dive on AWS Service, The first one is called IAM.

  • So IAM Stands for identity access management.
  • It is a global service because
  • in IAM we are going to create our users and assign them to group.
  • So we’ve already used IAM without knowing,
  • when we created an account, we created a root accounts,
  • and has been created by default.
  • This is the root user of our accounts.
  • and the only things you should use it for is
  • to set up your account as we’ll do it right now.
  • But then you shouldn’t use that account anymore.
  • or even share it.
  • what you should be doing instead, is create users.
  • So you will create users in IAM.
  • and one user represents one person within your organization.
  • and the users can be grouped together if it makes sense.

 

So let’s take an example we have an organization with six people.

  • You have Alice, Bob, Charles, David, Edward and Fred.
  • So all these people are in your organization.
  • Now Alice, Bob and Charles they work together.
  • They’re all developers.
  • So we’re going to create a group called
  • the group developers who regrouping Alice, Bob And Charles.

  • And it turns out that David and Edward also work together.
  • So we’re going to create an operations group.
  • now we have two groups within IAM.
  • Now groups can only contain users, not other groups.
  • So this is something very important to understand.
  • Groups only contain users.
  • Now, some users don’t have to belong to a group.
  • For example, Fred right here is alone,
  • he does not correspond to any group.
  • That is not best practice.
  • But it is something you can do in AWS.
  • And also, a user can belong to multiple groups.
  • That means that for example, if you know that Charles and David worked together,
  • and they’re part of your audit team,
  • you can create a third group with Charles and David.
  • And as you can see, now, in this example,
  • Charles and David are part of two different groups.

 

So this is the possible configurations for IAM.

  • So why do we create users and why do we create groups?
  • Well, because we want to allow them to use our AWS Accounts.
  • and to allow them to do so,
  • we have to give them permissions.
  • So users or groups can be assigned what’s called a JSON document.
  • I’ll show you right now what it means called a policy.
  • an IAM Policy.
  • So it looks just like this.

  • So you dont have to be a programmer.
  • This is not programming.
  • This is just describing in, I think plain English,
  • what a user is allowed to do or what a group and all the user within that group are allowed to do.
  • So in this example, we can see that we allow people
  • to use the EC2 service and do describe on it,
  • to use the elastic load balancing service.
  • and to describe on it.
  • and to use CloudWatch.
  • Now we’ll see what EC2, elastic load balancing and CloudWatch mean, but through this JSON document, that looks just like this.
  • we are allowing our users to use some services in AWS.
  • so these policies will help us define permissions of our users.
  • So in AWS, you dont allow everyone to do everything.
  • that would be catastrophic,
  • because a new user could basically launch so many services.
  • and they will cost you alot of money.
  • or would be valid for security.
  • So in AWS, you apply a principle called the least privilege principle.
  • So you dont give more permissions than a user needs.
  • Okay, so if a user just needs access to three services,
  • just create a permission for that user.
  • So now we have seen an overview IAM.
  • Lets go in the next lecture to practice creating users and groups.

 

By Sai Charan Paloju

Trained AWS Certified Solutions Architect Associate Course SAA-C02/Content Writer/Creator, Masters Degree- Software Engineering, Bachelors Degree- Computer Science & Engineering, Youtuber- Host/Interviewer/Content Creator/Video Editor, Podcaster- Host/Interviewer/Content Creator/Editor, Technical Writer, Social Media Manager/Influencer Ex-Professional Cricketer mailme@smartcherrysthoughts.com https://smartcherrysthoughts.com/

Leave a Reply

Your email address will not be published. Required fields are marked *