Introduction
Amazon Web Services (AWS) acknowledges this and provides a robust solution in the form of Identity and Access Management (IAM).
Amazon Web Services (AWS), a leading cloud services provider, recognizes the importance of robust access control.
IAM enables you to manage users, groups, policies, and permissions to access and use AWS services and resources.
Understanding IAM Components:
Access management
User groups
Users
Roles
Policies
Identityproviders
Accountsettings
Accessreports
AccessAnalyzer
External access
Unusedaccess
Analyzersettings
Credentialreport
Organizationactivity
Service control policies (SCPs)
Access Management: Access management refers to the processes and policies used to control access to resources within a system or organization. It involves granting or denying access rights to users or groups based on their identities and permissions.
User Groups: User groups are collections of users who share common characteristics or permissions. Group membership simplifies access management by allowing administrators to assign permissions to entire groups rather than individual users.
Users: Users are individual entities within a system who interact with resources and applications. Each user typically has a unique identity and may be assigned specific roles or permissions.
Roles: Roles define a set of permissions or privileges that are assigned to users or groups within a system. Roles streamline access management by grouping together related permissions and assigning them to users based on their job functions or responsibilities.
Policies: Policies are rules or guidelines that dictate access control and security within a system. Access policies define who can access what resources under what conditions, while security policies outline rules for safeguarding data and systems.
Identity Providers: Identity providers (IdPs) are services or systems that manage and authenticate user identities. They typically provide authentication services for single sign-on (SSO) and federated identity management.
Account Settings: Account settings encompass configurable options and preferences related to user accounts within a system. This may include settings such as password policies, account lockout thresholds, and session management options.
Access Reports: Access reports provide insights and analytics on user access activities within a system. They may include information such as login times, resource access attempts, and permission changes.
Access Analyzer: Access Analyzer is a tool or feature that helps identify and analyze access control configurations within a system. It may provide recommendations for improving security posture and compliance with access policies.
External Access: External access refers to the ability of users outside of an organization's network to access its resources or services. This may involve remote access solutions, VPNs, or publicly accessible applications.
Unused Access: Unused access refers to permissions or accounts that are assigned to users but not actively utilized. Identifying and revoking unused access helps reduce the risk of unauthorized access and maintain security hygiene.
Analyzers Settings: Analyzer settings configure parameters and preferences for access analyzers, such as scan frequency, scope of analysis, and notification settings.
Credential Report: Credential reports provide information about user credentials stored within a system, including usernames, passwords, and associated permissions. They help administrators monitor and manage user access and security.
Organization Activity: Organization activity logs record events and actions performed within a system by users, administrators, and automated processes. They serve as an audit trail for tracking changes and troubleshooting issues.
Service Control Policies (SCPs): SCPs are policy documents in AWS (Amazon Web Services) that define the maximum permissions allowed for accounts and entities within an organization. SCPs are used to enforce security and compliance policies across AWS accounts.