Introduction
Identity and access management (IAM) is a framework of business processes, policies and technologies that facilitates the management of electronic or digital identities. With an IAM framework in place, information technology (IT) managers can control user access to critical information within their organizations.
An IAM user is created by the root user, who is the admin. The root user gives each IAM user permission for what that user has to access. To do this, we have created one AWS account.
Next, it’s important to know all the steps:
- What is the AWS Management Console and how to log in?
- What is IAM?
- Create a user in IAM?
- Create a group of users in IAM?
- Assign users to a group in IAM?
- How to create a new policy?
- Assign the custom policy to a user?
- Add MFA to the root user?
- Disable an IAM user?
- How to change the IAM password?
AWS Management Console:
- It is a web application for managing Amazon Web Services.
- This console provides a built-in user interface to perform AWS tasks like working with Amazon S3 buckets, launching and connecting to Amazon EC2 instances, setting Amazon CloudWatch alarms, etc.
- AWS provides 1 year of free access.
- If we exceed the limits of free access, AWS will charge for what we used.
How to log in to the AWS Management Console?
- Open a web browser.
- Go to the URL http://aws.amazon.com/console/. When you open the URL, this page appears.

- In the upper-right corner you can see “Sign in to the console”; click on it.
- The sign-in page will appear.
- There you will find 2 types of sign-in: Root user and IAM user.
- Root user means you’re the admin of the AWS Management Console.
- IAM user means a sub-user created by the root user.
- If you don’t have an AWS account, create one by clicking “Create a new AWS account”. It is like creating a Facebook account, so it is easy to do.
- If you already have an AWS account, sign in by choosing “Root user”, give your registered email address, then click on “Next”.

Then it goes to the password page; enter the password and click the “Sign in” button.

The AWS Management Console home page appears.

- Now we can access several AWS services.
- On the left side we find “Services”, where we can find all the services which AWS provides.
- Click on “Services”.

- We will find various services like Compute (EC2, Lambda, etc.), Storage (S3, EFS, Glacier, etc.), Security, Identity & Compliance (IAM, Cognito, etc.), etc. These are some of the services AWS provides.
- Click on “IAM” in the Security column.


- The dashboard of IAM will appear.
- On the left side we will see Access management (Users, Groups, Roles, Policies, etc.) and Access Reports (Access Analyzer, Active rules, etc.).
- On the dashboard we see the IAM user sign-in link (which we give to the users) and IAM Resources.
- In IAM Resources we see how many users and groups we have created, the roles assigned, the customer managed policies, and the Security status.
- Under Security status, we have to delete the root access keys, because there is a chance that others could use your account.
- Activate MFA, create individual IAM users, use groups to assign permissions, and apply an IAM password policy: we will see all of these further on in this document.
How to create an IAM user?
- Click on “Users”. We can click it in IAM Resources or on the left-side panel.

We will see the users which are already present; if there are none, we have to create one.

These are the steps to create:
- Click on “Add user”.

We have to fill in the details by giving a user name (we can add another user if we want).

- Then it will ask for the access type: Programmatic access or AWS Management Console access.
- AWS Management Console access: we assign a console password to the user, with which he can log in as the IAM user.
- For now, click on “AWS Management Console access”.
- Under Console password we have two options: Autogenerated password (the password will be generated automatically) and Custom password (we have to give the password).
- Now click on “Custom password”.
- Select “Require password reset” (when the user logs in for the first time he has to reset the password).
- Click the “Next” button.

- We see “Add user to group”. This option is used to add the user to a group which already exists; the permissions given to that group will apply to the user.
- The next option is “Copy permissions from existing user”, which copies the permissions of a user who already exists to the new user.

The next option is “Attach existing policies directly”, which lets us give the user a policy that already exists in IAM.
- These are the policies that exist in IAM; we can give any of them to the user so that he can access that service (e.g. “AmazonEC2ReadOnlyAccess”, which gives read access to EC2).
- As per your need, you can select the access pattern.
- For now, click “Attach existing policies directly”.
- Give “AmazonEC2ReadOnlyAccess”.

Click “Next: Tags”.

- Tags are a simple way to find a user.
- Click “Next: Review”.

We can review the details which we have given.
Now click on “Create user”.

- We send the user name and password to the user by email, and we can download the user name and password.
- Do this by clicking “Download .csv”, which is above the user name.
Let’s check whether the IAM user is working or not:
- Go to the dashboard; there you will find the “IAM user sign-in link”, where we can customize the link by giving an alias name. Click on “Customize”.


Click on “Yes, Delete”; it deletes the existing link.

- Give the account alias name.
- Click on “Yes, Create”.

Now copy the link and open it in the browser. The sign-in page will appear.

Give the user name and password, and click on the “Sign in” button.

- Then create a new password for the IAM user account.
- Click on “Confirm New Password”.

- Check whether the given permission is working or not.
- Click on “Services” and go to EC2.

- This user can only access EC2 read-only services; other than that he can’t perform any action.
Programmatic access:
It enables an access key ID and a secret access key for the user. These are used from the command prompt, where we give this access key ID and secret access key.
- Click on “Programmatic access”.


Click on “Next”.

Then select the policy which you want to give to the user.

Press “Next: Tags”.

Click on “Next: Review”, where we can review the details given.

Now click on “Create user”.

We will get the access key ID and the secret access key.

- To check this, we have to install the AWS CLI (Command Line Interface) on Windows.
- After installing, go to Windows search and click on “Command Prompt”.

Then run the command to list all the running EC2 machines.

How to create a Group in IAM?
- This is the same as creating an IAM user, but here we will create a group of users.
- Log in as the root user, go to “Services” and click on “IAM”.
- There in the dashboard we will find Groups.
- Click on “Groups”.


Click on “Create New Group”.

- Give the group name.
- Click on “Next Step”.

- Attach some policies to the group.
- Click on “Next”.

- We can review the details which we have given, like the group name and the policies attached (I gave 3 policies; we can give any number of policies as per our need).
- Click on “Create Group”.

How to add users to the group?
Click on the group name “ISSRead”.


Click on “Add Users to Group”.

- Select the users you want to add to the group.
- Click on “Add Users”.

We can add or remove any user by clicking on “Remove User from Group” and “Add Users to Group”.

Let’s see whether the group permissions have been added to the users or not.

- Now let’s see whether these permissions are working or not.
- First log in as the IAM user.
- Go to “Services” and select one of the services to which we gave access.
- Click on “VPC”.









- This is one of the IAM users in the IAM group; it got access to services to which it had no access before, because the group permissions are added to that IAM user.
- I can assure you that the remaining IAM users in the group got access to the services that were given to the group.
- If we try to access anything other than the permissions given to us, we can’t perform it.
- It shows an error like “You are not authorized to perform this action”.

How to create a policy?
- There are 3 types of policies:
- Customer managed policy: created by the AWS customer, also known as a custom policy; only he can use it.
- AWS managed policy: managed by AWS itself; everyone can access it.
- AWS managed job function policy: used for job functions. It is also managed by AWS.
- Let’s see how to create a policy.
- Go to the IAM dashboard; there you see Policies on the left side of the dashboard.
- Click on “Policies”.


- There are a total of 683 policies present as of now; all of these can be used as per your needs.
- At the upper left there is a create option to create a policy.
- Click on “Create Policy”.


We have a visual editor (the policy can be created without programming) and JSON (the policy is created by writing it in JSON format).

- To make this easy, we go with the visual editor.
- In the visual editor click on “Service”.
- Select the service for which you want to create the policy.

- Then it asks what access level you want to give, like Read, Write, Tagging, List, and Permissions management.
- As per my need, I go with EC2 read access.
- Select the “Read” option.

Next, in the Resources section select “All resources”, which means giving permission for the read-only actions on all resources.

Click on “Review policy”.

- Give some name to the policy.
- Describe what action the policy will perform.
- It shows a summary of what you have given.
- Click on “Create Policy”.
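
An added example (not part of the original guide, and not AWS's own code) showing what such a policy looks like as a JSON-style document and why the earlier checks behave as they do: a user gets the policies attached directly plus those of its groups, and anything not allowed is implicitly denied. The policy documents, the action patterns and the names `demo-user` and `demo-readers` are constructed for illustration, and the evaluator is a simplification that ignores conditions, permission boundaries and resource-based policies.

```python
import re

# Constructed policy documents (not console output). The action patterns are
# illustrative stand-ins for what the "Read" access level would select.
EC2_READ = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:Describe*", "ec2:Get*"], "Resource": "*"}]}
S3_READ = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}]}

# Hypothetical names: one user with a directly attached policy, one group.
USER_POLICIES = {"demo-user": [EC2_READ]}
GROUP_POLICIES = {"demo-readers": [S3_READ]}
MEMBERSHIP = {"demo-user": ["demo-readers"]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _glob(pattern, value, ignore_case=False):
    # Policy wildcards: "*" matches any run of characters, "?" exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None


def policies_for(user):
    """Policies attached to the user plus those of every group the user is in."""
    found = list(USER_POLICIES.get(user, []))
    for group in MEMBERSHIP.get(user, []):
        found += GROUP_POLICIES.get(group, [])
    return found


def is_allowed(policies, action, resource="*"):
    """Simplified evaluation: explicit Deny wins, then Allow, else implicit deny."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not any(_glob(a, action, True) for a in _as_list(stmt["Action"])):
                continue
            if not any(_glob(r, resource) for r in _as_list(stmt["Resource"])):
                continue
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


if __name__ == "__main__":
    for action in ("ec2:DescribeInstances", "ec2:RunInstances", "s3:GetObject", "iam:CreateUser"):
        verdict = "allowed" if is_allowed(policies_for("demo-user"), action) else "not authorized"
        print(f"{action}: {verdict}")
```

The same function can be pointed at a policy exported from the JSON tab to check, before attaching it, which actions it would and would not permit.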

Assign this policy to an existing IAM user?
- Go to the “Users” page; there you will see the existing IAM users.
- Select one user.


Click on “Add Permissions”, which is above the policy name.

- There select “Attach existing policies directly”.
- Select the policy you created.
- Then click on “Next”.

Click on “Add permissions”.

- Let’s check whether it is working or not.
- Log in as the IAM user to whom you assigned the created policy.
- Then go to “Services” and select “EC2”.

- Go to the IAM dashboard; there you see Policies on the left side of the dashboard.
- Click on “Policies”.
- At the upper left there is a create option to create a policy.
- Click on “Create Policy”.

- In the visual editor click on “Service”.
- Select the service for which you want to create the policy.

- As per my need, I go with S3 read access.
- Select the “Read” option.

Click on “Add Permissions”, which is above the policy name.

- There select “Attach existing policies directly”.
- Select the policy you created.
- Then click on “Next”.

Click on “Add permissions”.

- Let’s check whether it is working or not.
- Log in as the IAM user to whom you assigned the created policy.
- Then go to “Services” and select “S3”.

How to enable Multi-Factor Authentication (MFA) for the root user?
- Multi-Factor Authentication (MFA) is a security system that verifies a user’s identity by requiring multiple credentials.
- It is a critical component of identity and access management (IAM).
- Log in as the root user.
- Go to “Services” and click on “IAM”.
- The IAM dashboard will appear.
- There we will see Multi-Factor Authentication (MFA).
- Click on “Manage MFA”.


There are mainly three types of MFA device: virtual MFA device, U2F security key, and other hardware MFA device. The steps are as follows:
Virtual MFA device: it can be used by installing a phone app like Google Authenticator, Microsoft Authenticator, etc.

- A virtual MFA device is well suited to your project because the remaining options cost money.
- Select “Virtual MFA device”.

- As shown above, download any such app and use it to scan the QR code.
- You will get 2 MFA codes.
- By entering these codes, we can assign MFA to the root user.
- Click on “Assign MFA”.
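
An added example (not from the original guide): authenticator apps of this kind generate time-based one-time passwords (TOTP, RFC 6238), and the two codes entered here are the codes from two consecutive 30-second steps. The seed below is the RFC test secret rather than a real AWS seed, and the drift window in `verify()` is an assumed server-side behaviour.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample seed: base32 of the RFC 6238 test secret "12345678901234567890".
# A real seed is what the QR code carries; never hard-code or log one.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time, step=30, digits=6):
    """Time-based one-time password: HMAC-SHA1 over the 30-second step counter."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", max(int(unix_time), 0) // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    number = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(number % 10 ** digits).zfill(digits)


def consecutive_codes(secret_b32, unix_time, step=30):
    """The code for the current step and the one the app shows next."""
    return totp(secret_b32, unix_time, step), totp(secret_b32, unix_time + step, step)


def verify(secret_b32, code, unix_time, window=1, step=30):
    """Accept the current step or `window` steps either side (assumed drift allowance)."""
    candidates = (totp(secret_b32, unix_time + i * step, step)
                  for i in range(-window, window + 1))
    return any(hmac.compare_digest(c, code) for c in candidates)


if __name__ == "__main__":
    first, second = consecutive_codes(SAMPLE_SECRET, 59)
    print("MFA code 1:", first, "MFA code 2:", second)
    print("first code accepted 30 s later:", verify(SAMPLE_SECRET, first, 59 + 30))
    print("first code accepted 2 min later:", verify(SAMPLE_SECRET, first, 59 + 120))
```

Because each code depends only on the seed and the clock, anyone who obtains the QR code or seed can generate valid codes, so the enrollment screen should be treated like a password.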



- Now let’s try whether MFA is working or not.
- For that we have to sign out.

Sign back in as the root user.


Click on “Sign in”.

In the meantime, in the installed app we will get the code; by typing that code we can log in to the AWS Management Console.

How to enable MFA for the IAM user?
The steps are as follows:
- Go to Services, and click on IAM.
- We get the IAM dashboard.
- Click on “Users”.
- There, select any user.

After that, click on “Security credentials”.

- We see some managing options like Console password (we can manage the password in case we forget it), Assigned MFA device, etc.
- By using Assigned MFA device, we can assign an MFA device to the user.
- Click on “Manage” next to Assigned MFA device.

After entering the code, click on “Assign MFA”.

- Let’s check whether it is working or not.
- Sign in as the IAM user (we know how to log in as an IAM user).

- Enter the IAM user name and password.
- Click on “Sign in”.

- Give the code which appeared in Microsoft Authenticator.
- Click on “Submit”.

With this we can conclude that it is working.
How to disable the IAM user?
- Go to Services, and click on IAM.
- We get IAM Dashboard.
- Click on “Users”.
- There, select any user.
- There, in the top-right corner, you can see the “Delete user” option.
- Click on “Delete user”.
- It asks whether you allow this user name to be used for another user’s account.
- Allow it and click on “Yes, Delete”.
- The user will be deleted.
How to Change IAM Password?
- Go to Services, and click on IAM.
- We get IAM Dashboard.
- Click on “Users”.
- There, select any user.
- Click on “Security Credentials”.
- There, go to Console password.
- Click on the “Manage” option.
- Go to set a password, and select a custom password.
- Give the changed password to the user.
- Click on “Apply”.
- The changed password is applied to the IAM user.
- With that, we can assign it to the IAM user.
- So, this is how we change the password for the IAM user.
Conclusion:
Therefore, the purpose of creating an IAM user is to control who is authenticated (signed in) and authorized (has permissions) to use resources. We allow a person to work with our AWS account. This is very useful to companies because with one root user we can do multiple jobs. This saves time and cost (we pay for the services which are not free). Overall, these are the uses of IAM, and we now know how to create IAM users, groups and policies, assign MFA, etc.