Saturday, April 29, 2017

Understanding AWS Identity and Access Management (IAM)

This article series walks you through Identity and Access Management (IAM) in AWS. IAM is a web service that lets you control access to AWS resources securely: you create users, and you define which resources each user is authorized to use.

In 2016 AWS had more than 1000 services, growing year on year since its start in 2004; for announcements of past and upcoming services, stay tuned at https://aws.amazon.com/new/ .

The objective of this article series is to give you a high-level understanding of the IAM features. IAM itself is free to use; charges apply only for the other AWS services you consume.

(Check what services are charged at https://aws.amazon.com/pricing/).

There are two ways to access AWS services: the AWS Management Console or programmatic access, both of which we will see later in this series. To start with, we will use the browser-based console to manage IAM and other AWS resources.

Once you log into your AWS portal, whether on a paid or free tier, you will see all the services available in the selected region (some services may or may not be available, depending on the region).

Below is the view displayed after you log in to your AWS account through the web. Select the region where you want to deploy your AWS services. If you cannot find the service you are looking for, take a moment to check which AWS services are available in each region: https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/

image


Once you have selected the desired region, the console lists the available services; for now we will focus on IAM (Identity & Access Management). IAM is not region-specific but global, which is why in the next slide the region selector is replaced by "Global". Let us now open the IAM option and look at the available features.

image

image

By default, AWS creates a sign-in link for the management console that contains your numeric account ID. We can replace it with an alias of our choice, as long as that alias is still available. As the next slide shows, in our case I changed it to https://awsmumbai.signin.aws.amazon.com/console by clicking the Customize option.

image

As you can see, the link is now updated with the desired alias "awsmumbai", which was available at that time.

image

The next step is to activate MFA on your root account. This is the same account with which you signed up for AWS, so for security reasons let us activate and configure MFA on it. Click on Manage MFA.

image

There are two types of MFA device (virtual and hardware); in our case we will configure a virtual MFA device.

image

We must have an AWS MFA-compatible application on our smartphone, PC or another supported device. You can find a list of AWS MFA-compatible applications at https://aws.amazon.com/iam/details/mfa/

image

In our case I selected Google Authenticator on my Android phone. Google Authenticator is freely available on the Google Play Store; download and install it as shown in the next slide.

image

Download Google Authenticator from the Google Play Store.

image

Select Begin to start, then select the option "Scan a barcode" to generate a code, as shown in the next slide.

image

image

We scan the barcode so that Google Authenticator can register the AWS account for MFA. Once you scan it, you will get a code as shown in the next slide, which needs to be entered in the form below the barcode.

image

You must enter two consecutive codes, one after the other; you will notice that the code changes each time the blue circle in the app resets.

image

After that, AWS confirms that the MFA device was successfully associated.
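To show what the app is doing behind the barcode and the "blue circle", here is an added example (not code from the original article or from AWS) of the time-based one-time password (TOTP, RFC 6238) algorithm that virtual MFA devices such as Google Authenticator implement: the barcode carries a base32 secret, the app computes an HMAC-SHA1 over the current 30-second time step, and AWS asks for two consecutive codes at association time. The base32 secret in the usage is the RFC test key and is a constructed example, not a real AWS secret.

```python
import base64
import hashlib
import hmac
import struct
import time

TIME_STEP = 30   # seconds per code; the "blue circle" counts down one step
DIGITS = 6       # AWS virtual MFA codes are six digits


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian 8-byte counter, then
    dynamic truncation to a 31-bit integer reduced modulo 10**digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = TIME_STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current time step."""
    return hotp(secret, unix_time // step, digits)


def decode_base32_secret(b32: str) -> bytes:
    """The QR code / 'show secret key' value is base32; apps accept it in any
    case and with spaces, and the padding is usually omitted."""
    cleaned = b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def two_consecutive_codes(secret: bytes, unix_time: int) -> tuple:
    """AWS asks for two consecutive codes when associating a virtual device:
    the code for the current step and the one for the next step."""
    step_start = (unix_time // TIME_STEP) * TIME_STEP
    return totp(secret, step_start), totp(secret, step_start + TIME_STEP)


def seconds_until_reset(unix_time: int) -> int:
    """How long the current code stays valid (what the blue circle shows)."""
    return TIME_STEP - (unix_time % TIME_STEP)


if __name__ == "__main__":
    # Constructed example secret: the RFC 6238 test key "12345678901234567890" in base32.
    secret = decode_base32_secret("GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ")
    now = int(time.time())
    first, second = two_consecutive_codes(secret, now)
    print(f"current code {first}, next code {second}, "
          f"current one resets in {seconds_until_reset(now)} s")
```

Because the code depends only on the shared secret and the clock, the AWS side verifies it with the same computation; a phone whose clock drifts by more than a step or so will produce codes AWS rejects, which is the usual cause of "invalid authentication code" errors during this step.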

image

To see how it looks now, log off and try to log in again: the login screen shows the additional prompt below, asking for an authentication code. All you need to do is read the current code from the Google Authenticator app and enter it here, and you will be logged in successfully.
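Enabling MFA on the root account is a one-time step, but a practitioner also wants a repeatable check that it stays enabled and that no console user is left without MFA. As an added example, not code from the original article, the following parses the IAM credential report (the CSV that `aws iam get-credential-report` returns, here a constructed sample with a subset of its columns) and the `SummaryMap` of `get-account-summary`, and flags the gaps. The `fetch_live_report` helper uses the real boto3 calls but is only invoked when boto3 and credentials are available.

```python
import csv
import io

# Constructed sample of the IAM credential report (real reports carry more columns,
# which csv.DictReader simply ignores). Root appears as <root_account> with
# password_enabled = not_supported, so it has to be treated specially.
SAMPLE_REPORT = """user,arn,password_enabled,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111111111111:root,not_supported,true,false,false
alice,arn:aws:iam::111111111111:user/alice,true,true,false,false
bob,arn:aws:iam::111111111111:user/bob,true,false,true,false
deploy-bot,arn:aws:iam::111111111111:user/deploy-bot,false,false,true,false
"""

# Constructed sample of the SummaryMap returned by get-account-summary.
SAMPLE_SUMMARY = {"AccountMFAEnabled": 1, "AccountAccessKeysPresent": 0, "Users": 3}


def parse_credential_report(csv_text: str) -> list:
    """Turn the credential report CSV into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def find_mfa_gaps(rows: list) -> list:
    """Identities that can sign in to the console but have no MFA device.
    Root is always a console identity, so it is checked regardless of
    password_enabled, which the report sets to 'not_supported' for root."""
    gaps = []
    for row in rows:
        console_login = row["user"] == "<root_account>" or row["password_enabled"] == "true"
        if console_login and row["mfa_active"] != "true":
            gaps.append(row["user"])
    return gaps


def root_has_access_keys(rows: list) -> bool:
    """Root should never have long-lived access keys; the report makes that visible."""
    for row in rows:
        if row["user"] == "<root_account>":
            return "true" in (row["access_key_1_active"], row["access_key_2_active"])
    return False


def summary_findings(summary_map: dict) -> list:
    """Cross-check with get-account-summary: AccountMFAEnabled is 1 only when the
    root account has MFA, AccountAccessKeysPresent is 1 when root has keys."""
    findings = []
    if summary_map.get("AccountMFAEnabled") != 1:
        findings.append("root account has no MFA device")
    if summary_map.get("AccountAccessKeysPresent", 0) != 0:
        findings.append("root account has active access keys")
    return findings


def fetch_live_report() -> str:
    """Pull the real report with boto3 (assumes configured credentials with
    iam:GenerateCredentialReport and iam:GetCredentialReport). The report must
    be generated first; get_credential_report returns the CSV bytes in 'Content'."""
    import boto3  # imported here so the offline sample still runs without boto3
    iam = boto3.client("iam")
    iam.generate_credential_report()
    return iam.get_credential_report()["Content"].decode()


if __name__ == "__main__":
    rows = parse_credential_report(SAMPLE_REPORT)
    print("console identities without MFA:", find_mfa_gaps(rows))
    print("root has access keys:", root_has_access_keys(rows))
    print("summary findings:", summary_findings(SAMPLE_SUMMARY))
```

With the sample data the check reports `bob` (console password, no MFA) and leaves `deploy-bot` alone, since a user with no password cannot use the console login shown above; running it against the live report on a schedule is a cheap way to catch MFA being removed again later.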

image

About Charles Derber

Charles Derber is an IT consultant, volunteer and speaker. He is passionate about IT technology and has a decade of experience in the industry. His expertise is consulting on IT infrastructure and cloud, helping customers all over the world to plan, design and implement.
