AWS Identity and Access Management(IAM) Simplified

IAM Identity Center VS IAM

IAM Identity Center

AWS IAM Identity Center is that the latter manages access for all AWS accounts within an AWS Organization, as well as access to other cloud applications (jumpcloud)

  • an organisational tool for managing Identity
  • provide a universal login

Identity and Access Management

manage access to AWS services and resources within an AWS account

  • the AWS way of handling account access
  • provide an AWS login
  • API access
Security best practices in IAM - AWS Identity and Access Management
Follow these best practices for using AWS Identity and Access Management (IAM) to help secure your AWS account and resources.

Enable IAM Identity Center

  • Dashboard->Settings summary (on the right)
    • set an Instance name
    • custom AWS access portal URL
  • IAM Center is region-related

Add a Group

  • Groups
  • for grouping sub-users
  • connect with a permission set

Add a User

  • Users
  • can stand alone and connect with a permission set
  • but better managed in groups

Customise a Permission Sets

  • Permission sets
  • a permission set is for restricting what a sub-user can perform

Assign the Group to the AWS Account

  • AWS accounts
  • assign the group to the AWS Account and with permission set to restrict its behaviour

Issues

  • unable to grand Cost and Usage access
    • Login Root Account
    • Profile -> Account
    • scroll down to the Section after AWS Regions - IAM user and role access to Billing information
    • toggle Activate IAM Access

IAM

If you need API access to use the SDK of cli, use IAM instead of the IAM Identity Center.


CloudTrail

  • Event history
  • Visualised user activity