AWS IAM (Identity and Access Management)

AWS Identity and Access Management (IAM) helps you securely control access to AWS infrastructure and resources. With IAM you can create and manage users and groups, and use permissions to allow and deny their access to AWS services. IAM is a feature of your AWS account and is offered at no extra charge.

IAM offers several ways to control access to AWS services:

Users:

Create IAM users when you want to give other people access to your AWS account without sharing your own login credentials.

Policies:

Permissions for users, groups, and roles are defined with policies. Policies are the building blocks that determine which actions can be taken on which resources.

Groups:

Groups make access management easy for multiple users. For example, you could create a group called “servers” with permissions to spin up EC2 instances and add multiple users to this group. Every user in the group can then create EC2 instances. Changes to permissions within this group will affect all users belonging to that group.

Roles:

Roles are similar to users in that they are an AWS identity with permissions. Roles are used when, for example, you want to grant access to AWS services that a user or service does not usually have.

Let us learn how to create IAM roles and users:

Step 1: Log in to the AWS console as shown in the previous blog, open the Services menu, go to Security, Identity & Compliance, and select the IAM option.

Step 2: On the IAM dashboard, go to the left side and select the Users option, as shown in the image below.

Step 3: Click the Add User option marked in the image below.

Step 4: Enter the user name, select the AWS access type as marked in the image below, set the password, check the require password reset option, and then click Next: Permissions.

Step 5: Select the Add user to group option and click the Create group button.

Step 6: Select the other option, Copy permissions from existing user, and you will see that no results are found.

Step 7: Click Attach existing policies, select the AdministratorAccess option as shown in the image below, and then click Next: Tags. AdministratorAccess grants full access to all AWS services and resources in the account.

Step 8: If you want to add any tags, add them here, and then click Next: Review as shown in the image below.

Step 9: Review your settings and then click the Create user option.

Step 10: Go back to the dashboard and click the Groups option on the left side.

Step 11: Select the Create New Group option marked in the image below.

Step 12: Give your group a name and click the Next Step button at the bottom, as marked in the image below.

Step 13: Attach the policies you want to attach to your group. In the image below we have chosen the first two options, which give permissions for Lambda and S3 buckets. Then click the Next Step button at the bottom.

Step 14: Click the Create Group option as marked below.

Step 15: This is how we create groups in the IAM service.

Step 16: Now we are going to create a role that gives one service access to others, so that we can integrate services with each other in a project. Click Roles and then click the Create role button marked in the image below.

Step 17: Choose the service the role is for. Here we have chosen Lambda, so we are creating a role for a Lambda function. Then click the Next: Permissions button.

Step 18: Choose the services you want Lambda to be able to connect to. We selected the first two options; you can choose any, such as S3, Comprehend, etc. Then click Next: Tags.

Step 19: Give the role a name and a description, check the policies you have added, and then click the Create role button.

Step 20: If you want to add policies to an existing role, go to Policies and click the Create policy option.

Step 21: Add the policy for the existing service, click the Review policy option, and then add it there.
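The policies picked in the console steps above are JSON documents. As an added example (not part of the original post), the Python below puts the document behind AdministratorAccess from Step 7 and the trust policy of a Lambda role from Step 17 next to a constructed read-only S3 policy, and flags Allow statements that use wildcard grants; `example-bucket`, `as_list` and `wildcard_findings` are hypothetical names.

```python
# The AWS-managed AdministratorAccess policy (attached in Step 7) is this document.
ADMINISTRATOR_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Trust policy of a role created for Lambda (Step 17): the Lambda service may assume it.
LAMBDA_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "lambda.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}

# Constructed narrow policy; "example-bucket" is a placeholder, not from the post.
SCOPED_S3_READ = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
    }],
}

def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]

def wildcard_findings(policy):
    """Return one finding per Allow statement that grants wildcard actions."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        resources = as_list(stmt.get("Resource", []))
        full_actions = [a for a in actions if a == "*" or a.endswith(":*")]
        if full_actions and "*" in resources:
            findings.append(f"statement {i}: {full_actions} allowed on all resources")
        elif full_actions:
            findings.append(f"statement {i}: service-wide actions {full_actions}")
    return findings

if __name__ == "__main__":
    for name in ("ADMINISTRATOR_ACCESS", "LAMBDA_TRUST_POLICY", "SCOPED_S3_READ"):
        print(name, wildcard_findings(globals()[name]) or "no wildcard grants")
```

Running the same check over a group's or role's attached policies before Step 14 or Step 19 shows which ones grant more than the user or Lambda function needs.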

So this is how we create IAM roles and users in AWS so that we can give access to the other users under us. Hope this blog will be helpful to you.

Happy coding!!!!


Written by Wakeupcoders - Digital Marketing & Web App Company
