Working with Identity and Access Management (IAM)
The Identity and Access Management (IAM) service adds access control and credential management to an AWS account, in ways that make the platform more hospitable to enterprise users. IAM is automatically included with every AWS account, and you don't need to do anything to activate it.
IAM functionality
IAM offers these excellent features:
✓ User management: You can create multiple users within a single account and give each of them different permissions on the account's resources. Users can also be placed in groups, and permissions attached to a group apply to every user in it, which saves you from maintaining the same permissions user by user. (Groups can't be nested, so keep the group structure flat.)
✓ Centralized control of user identities and access credentials: IAM is used to manage all user identities and access credentials, thereby centralizing and simplifying a complex and important control mechanism.
✓ AWS resource controls: You can control which users may use which AWS resources by writing policies that name specific resources. You may, for example, allow certain users within your organization to read company data stored in S3, while users who have no need to access the data get no permission on those S3 objects at all.
✓ AWS resource creation controls: You can restrict where users can create AWS resources. If you want to ensure that users launch new instances only in the US West region, for example, an IAM policy condition on the requested region (the aws:RequestedRegion condition key) can enforce that rule.
✓ AWS resource sharing across accounts: You can grant people in other accounts access to AWS resources within your account, typically by creating a role in your account that users in the other account are trusted to assume. This may be useful if you want your organization to collaborate with a partner company or if your company uses different accounts for different departments.
✓ Consolidated billing: You can receive a single bill for all the AWS accounts your organization owns, rather than a separate bill for each account. Strictly speaking, consolidated billing is an account-level feature (today part of AWS Organizations) rather than part of IAM, but it is usually set up alongside IAM when a company moves to multiple accounts. Consolidating billing simplifies your cost management because it lets you examine all AWS costs in a single billing statement. It can also reduce your overall AWS cost, because usage across the accounts is combined to reach the volume pricing tiers and to make fuller use of reserved-capacity pricing.
When you implement IAM, each user gets a unique identity with its own credentials: a password for the web console, access keys for the API and command line, or both, rather than a share of the account's root credentials. You write IAM policies, which are JSON documents that state which actions are allowed or denied on which resources, and attach them to users, groups, or roles. IAM evaluates the attached policies every time a user makes a request: a request is denied unless some policy allows it, and an explicit Deny overrides any Allow.
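As an added illustration (not code from the book or from AWS), here is a small Python model of how IAM evaluates an identity policy against a request, covering the S3 data-access and region-restriction cases described above: default deny, any matching Allow grants, and any matching Deny wins. The policy document, the bucket name and the request ARNs are constructed for this example. The evaluator deliberately models only Allow/Deny statements, `*` wildcards in Action and Resource, and the StringEquals operator on the aws:RequestedRegion condition key; resource-based policies, NotAction/NotResource, policy variables and the other condition operators are left out.

```python
"""Simplified IAM policy evaluation (added illustration, not AWS's own logic).

Decision rules modelled: implicit deny by default, any matching Allow
statement grants the request, and any matching Deny statement overrides
every Allow. Action and Resource patterns use IAM-style '*' wildcards; the
only condition operator modelled is StringEquals on aws:RequestedRegion.
"""
import fnmatch
import json

# Constructed sample policy, not taken from any real account: data-team users
# get full access to one bucket, may launch instances only in us-west-2, and
# may never delete objects (the Deny wins even over the broader s3:* Allow).
DATA_TEAM_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": ["arn:aws:s3:::company-data", "arn:aws:s3:::company-data/*"]
    },
    {
      "Effect": "Allow",
      "Action": "ec2:RunInstances",
      "Resource": "*",
      "Condition": {"StringEquals": {"aws:RequestedRegion": "us-west-2"}}
    },
    {
      "Effect": "Deny",
      "Action": "s3:DeleteObject",
      "Resource": "*"
    }
  ]
}
""")


def _as_list(value):
    """IAM lets Action/Resource/condition values be a string or a list; normalise."""
    return [value] if isinstance(value, str) else list(value)


def _matches(patterns, value):
    """Case-insensitive glob match, so 's3:*' matches 's3:GetObject'.

    fnmatch treats '*' and '?' the way IAM does; '[' is never used in
    action names or ARNs, so its extra meaning in fnmatch is harmless here.
    """
    return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in _as_list(patterns))


def _condition_holds(condition, context):
    """Evaluate StringEquals only; any other operator makes the statement not apply."""
    for operator, pairs in (condition or {}).items():
        if operator != "StringEquals":
            return False
        for key, expected in pairs.items():
            if context.get(key) not in _as_list(expected):
                return False
    return True


def evaluate(policy, action, resource, context=None):
    """Return 'Allow' or 'Deny' for one request against one identity policy.

    context carries request-level condition keys, e.g.
    {"aws:RequestedRegion": "us-west-2"}.
    """
    context = context or {}
    decision = "Deny"  # implicit deny until an Allow statement matches
    for stmt in policy["Statement"]:
        if "NotAction" in stmt or "NotResource" in stmt:
            raise ValueError("NotAction/NotResource are not modelled here")
        if not _matches(stmt["Action"], action):
            continue
        if not _matches(stmt["Resource"], resource):
            continue
        if not _condition_holds(stmt.get("Condition"), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # explicit deny: nothing later can override it
        decision = "Allow"
    return decision


if __name__ == "__main__":
    bucket_obj = "arn:aws:s3:::company-data/q3.csv"
    print("read company data:", evaluate(DATA_TEAM_POLICY, "s3:GetObject", bucket_obj))
    print("delete company data:", evaluate(DATA_TEAM_POLICY, "s3:DeleteObject", bucket_obj))
    for region in ("us-west-2", "us-east-1"):
        arn = f"arn:aws:ec2:{region}:123456789012:instance/*"
        print(f"launch in {region}:", evaluate(DATA_TEAM_POLICY, "ec2:RunInstances", arn,
                                              {"aws:RequestedRegion": region}))
```

Running the block shows the read allowed, the delete denied despite the s3:* Allow, and the launch allowed only when the request's region is us-west-2. A user who has no policy attached at all falls through to the implicit deny, which is how "other users who have no need to access the data" are kept out without writing anything about them.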
Using IAM
IAM is a service that you may not see a need for until, all of a sudden, you realize that you needed it yesterday, as your AWS use spirals out of control and you don't know who is doing what. Even while you're first experimenting with AWS, create an IAM user for your own day-to-day work and lock the account's root credentials away, because the root identity can do anything and its actions can't be scoped or easily attributed to a person. Beyond that, closely track how your organization continues to use AWS. When you begin to have multiple groups involved with AWS, when you're running multiple applications in AWS, or you're deploying production applications within AWS, you should move fully to IAM users, groups and roles with the least privilege each needs. It's somewhat more complex than sharing a single set of account credentials, but it offers real enterprise functionality as your AWS use scales both in volume and in numbers of users interacting with AWS.
IAM cost
IAM is free: there is no charge for users, groups, roles or policies. You pay only for the AWS resources your users consume.