This article series will help you understand Identity and Access Management (IAM) in AWS. IAM is a web service that helps you securely control access to AWS resources for your users; you can also define which resources each user is authorized to use.
By 2016, after year-on-year growth since 2004, AWS had more than 1000 services. For announcements of past and upcoming services, stay tuned at https://aws.amazon.com/new/ .
The objective of this article series is to give you a high-level understanding of the IAM features. IAM is free to use; no charge applies except for your use of other AWS services.
(Check what services are charged at https://aws.amazon.com/pricing/).
There are two ways to access AWS services: through the AWS Management Console or through programmatic access, which we will see later in this article. To start with, we will use the browser-based interface to manage IAM and AWS resources.
Once you log in to your AWS portal, on either a paid or a free-tier account, you can view all the features available in the selected region (some services may not be available in every region).
After you log in to your AWS account through the web, the view below is displayed. Select the region where you want to deploy your AWS services. You might not see the service you are looking for, so take time to go through this link to learn which AWS services are available in a specific region: https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/
Once you have selected the desired region, the console lists the available services; for now we will focus on IAM (Identity & Access Management). IAM is not region-specific but global, which is why the region is replaced by Global in the next slide. Let us now go through the IAM option and see the available features.
By default, AWS creates a sign-in link for the management console that contains a number. We can replace that number with an alias of our choice, as long as the alias is available. As the next slide shows, in our case I have changed it to https://awsmumbai.signin.aws.amazon.com/console by clicking on the Customize option.
As you can see, the link is updated with the desired alias “awsmumbai”, which was available at that time.
The next step is to activate MFA on your root account, which is the same account you used to sign up for AWS. For security reasons, let's activate and configure it. Click on Manage MFA.
There are two types of MFA device (virtual and hardware); in our case we will configure a virtual MFA device.
We must have an AWS MFA-compatible application on a smartphone, PC or any other supported device. You can find a list of AWS MFA-compatible applications at https://aws.amazon.com/iam/details/mfa/
In our case I have selected Google Authenticator on my Android phone. Google Authenticator is freely available on the Google Play Store; download and install it as shown in the next slide.
Download the Google Authenticator from Google Play Store
Select Begin to start, then select the option Scan a barcode to generate a code, as shown in the next slide.
We have to scan the barcode so that Google Authenticator can recognize the AWS service for MFA. Once you scan it, you will get the code shown in the next slide, which needs to be entered below.
You must enter the codes one after the other; notice that the code changes once the blue circle resets.
After that, confirm that the MFA device was successfully associated.
To quickly see how it looks now, log off and try to log in again. The login screen shows the option below and asks for an authentication code. All you need to do is get the code from the Google Authenticator app and enter it here, and you will be logged in successfully.