
AWS IAM (Identity and Access Management)

Understanding Authentication and Authorization in AWS the Easy Way


Hi, I'm Rojarani Daasari. I'm a DevOps Engineer with 2.9 years of experience in automated deployments, CI/CD pipelines, cloud infrastructure and configuration management.

What is IAM (Identity and Access Management), why is it important, and why is it needed? In this article (Day 2 of the AWS series), we'll cover IAM using a real-life example and then implement it practically in AWS.

What is AWS IAM?

IAM (Identity and Access Management) is an AWS service that helps you:

  • Authenticate users (who can log in)

  • Authorize users (what they can do)

IAM ensures secure and controlled access to AWS resources.

Why is IAM Important?

Imagine giving everyone in your company root access to AWS. If any user accidentally deletes an EC2 instance, database or S3 bucket, one wrong click means your database or production server is gone. That's where IAM comes in: it ensures secure, controlled, role-based access.

Real-Life Analogy → Bank Security:

IAM is just like a bank: it allows only authenticated people to enter, access is granted based on role (customer, employee, admin), and sensitive areas such as documents and the money vault are restricted. IAM works exactly the same way.

Authentication vs Authorization:

Authentication answers “Who are you?” and authorization answers “What are you allowed to do?” IAM handles both.

IAM Components Explained:

IAM Users:

Users represent people. They are created to allow login to AWS (Console or CLI) and handle authentication.

IAM Policies:

IAM policies define permissions and handle authorization by deciding what actions are allowed or denied such as reading data, creating resources, or deleting services.

Example:

  • Read-only access to S3

  • Full access to EC2

IAM Groups:

  • IAM groups are collections of users that simplify permission management and reduce manual effort. Instead of assigning permissions to each user, permissions are assigned to the group.

Example groups:

  • Developers

  • QA

  • DB Admins

  • Others

IAM Roles:

IAM roles are used when applications or AWS services need to access AWS resources, including service-to-service and cross-account access. Roles provide temporary credentials without usernames or passwords; they are not intended for human users but primarily for services.

Root User:

  • The AWS root user has full access and should never be shared. It should be used only for initial setup, billing and critical account-level changes; always use IAM users in real projects.

Practical Flow (Hands-on Summary)

Step 1: Login as Root

  • Create AWS account

  • Access IAM service.

Step 2: Create IAM User

  • Username: user-123

  • Enable AWS Console access

  • Auto-generate password

  • Force password reset on first login

Result:
✅ User can log in
❌ User cannot access any AWS service.

Step 3: Observe No Authorization

  • Try accessing:

    • S3

    • EC2

  • Permission denied

This proves authentication ≠ authorization.

Step 4: Attach Policy

  • Attach AmazonS3FullAccess.

  • User can now:

    • List buckets

    • Create buckets

Step 5: Create IAM Group

  • Group: Development

  • Attach policies:

    • S3 Full Access

    • EC2 Full Access

Step 6: Add Users to Group

  • Add multiple users

  • Permissions applied automatically

This saves time and effort.
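The hands-on flow above, replayed against a small policy evaluator. This is an added example, not code from the article: the policy documents are constructed simplifications of the AmazonS3FullAccess and AmazonEC2FullAccess managed policies (actions only; resource and condition matching is omitted), and it also shows one thing the steps do not, that an explicit Deny attached anywhere beats a group's Allow.

```python
import fnmatch
import json

# Constructed, simplified versions of the managed policies used in the article
# (real ones are longer; the Action/Effect shape is the same).
S3_FULL_ACCESS = json.loads(
    '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"s3:*","Resource":"*"}]}')
EC2_FULL_ACCESS = json.loads(
    '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"ec2:*","Resource":"*"}]}')
# Constructed guardrail policy: an explicit Deny always wins over any Allow.
DENY_BUCKET_DELETE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}]}


def _as_list(x):
    return x if isinstance(x, list) else [x]


def is_allowed(action, user_policies, group_policies=()):
    """Identity-based evaluation: implicit deny by default, any matching Allow
    grants, any matching Deny overrides. Group policies count like the user's own.
    Action matching is case-insensitive with '*' wildcards, as in IAM."""
    decision = "implicit-deny"
    for doc in list(user_policies) + list(group_policies):
        for stmt in _as_list(doc["Statement"]):
            patterns = _as_list(stmt.get("Action", []))
            if not any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns):
                continue
            if stmt["Effect"] == "Deny":
                return False  # explicit deny cannot be overridden by any Allow
            decision = "allow"
    return decision == "allow"


def hands_on_flow():
    """Replays Steps 2-6 of the article and returns each observed outcome."""
    user_policies = []                                   # Step 2: user-123, nothing attached
    development_group = [S3_FULL_ACCESS, EC2_FULL_ACCESS]  # Step 5: group policies
    results = {}
    # Step 3: authenticated but not authorized -> permission denied
    results["step3_s3_denied"] = not is_allowed("s3:ListAllMyBuckets", user_policies)
    user_policies.append(S3_FULL_ACCESS)                 # Step 4: attach AmazonS3FullAccess
    results["step4_s3_allowed"] = is_allowed("s3:ListAllMyBuckets", user_policies)
    results["step4_ec2_still_denied"] = not is_allowed("ec2:RunInstances", user_policies)
    # Step 6: a second user with no personal policies inherits the group's permissions
    results["step6_group_grants_ec2"] = is_allowed("ec2:RunInstances", [], development_group)
    # Beyond the article: a Deny on the user overrides the group's s3:* Allow
    results["deny_wins"] = not is_allowed("s3:DeleteBucket", [DENY_BUCKET_DELETE], development_group)
    return results
```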

Key Takeaways:

  • IAM controls who can do what.

  • Users = authentication

  • Policies = authorization

  • Groups = permission management

  • Roles = service-to-service access

  • Never use root user for daily work. Always use IAM User.

Final Thoughts:

IAM is the foundation of AWS security. If you understand IAM well, learning other AWS services becomes much easier.

Thank you so much for reading. If this article helped you, share it with someone learning DevOps and Cloud🚀

Happy learning!😉


Part 2 of 3

In this series, I'll add all concepts of AWS cloud services from basic to advanced.
