AWS IAM role and Group policy

IAM is one of the most important and widely used AWS services. It lets you create and manage AWS users and groups, and grant them permissions that decide whether a particular service is accessible to those users or not.

In simple words, IAM controls which users or services can talk to which services on AWS.

IAM is a global service: you do not specify a region while working with it. As a best practice, you should set up MFA.

Consider a simple example: you create a Lambda function that puts user data into DynamoDB. The function needs a role with sufficient permissions to do the job, so we create a policy and attach it to the Lambda's role. In JSON it looks something like this:
{
  "Version": "2012-10-17",
  "Statement": [
      {
         "Sid": "visualEditor",
         "Effect": "Allow",
         "Action": "dynamodb:PutItem",
         "Resource": "arn:aws:dynamodb:us-east-1:860269591288:table/Product"
      }
  ]
}

IAM consists of four main components: Users, Groups, Roles, and Policies.
The concept of Users and Groups is the same as in the Linux file system.

Roles
Roles are identities assumed by AWS resources (such as the Lambda function above) rather than by a fixed person, and a role may have multiple policy documents attached.

Policies
Policies are JSON documents that define what Users, Groups, and Roles may do within AWS. For example, the policy document for an administrative user would be:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*"
        }
    ]
}

The * wildcard matches every action and every resource, so this policy grants full access.
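To make the two documents above concrete, here is an added Python example (not code from the original post) that evaluates a request against a policy the way IAM does at its simplest, default deny with an explicit Deny winning over any Allow, and flags the * on * pattern. The account id and table name are the post's; the Lambda statement is written with dynamodb:PutItem, the action a function that writes to the table actually needs.

```python
import fnmatch

# Constructed example documents based on the post's two policies (account id
# and table name are the post's); the Lambda statement uses PutItem because
# the function writes to DynamoDB.
LAMBDA_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "visualEditor",
        "Effect": "Allow",
        "Action": "dynamodb:PutItem",
        "Resource": "arn:aws:dynamodb:us-east-1:860269591288:table/Product",
    }],
}
ADMIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

def _as_list(value):
    # Action and Resource may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action, resource):
    """Simplified identity-policy evaluation: default deny, an explicit Deny
    overrides every Allow, and a statement applies only when both its Action
    (case-insensitive) and Resource match. Conditions, NotAction/NotResource
    and resource-based policies are deliberately out of scope."""
    allowed = False
    for stmt in policy["Statement"]:
        # IAM wildcards: "*" matches any run of characters, "?" exactly one.
        action_hit = any(fnmatch.fnmatchcase(action.lower(), p.lower())
                         for p in _as_list(stmt.get("Action", [])))
        resource_hit = any(fnmatch.fnmatchcase(resource, p)
                           for p in _as_list(stmt.get("Resource", [])))
        if action_hit and resource_hit:
            if stmt["Effect"] == "Deny":
                return False  # an explicit Deny wins over every Allow
            allowed = True
    return allowed

def grants_full_access(policy):
    """Flag an Allow of "*" on "*", the pattern the post calls full access."""
    return any(
        s["Effect"] == "Allow"
        and "*" in _as_list(s.get("Action", []))
        and "*" in _as_list(s.get("Resource", []))
        for s in policy["Statement"]
    )
```

Running is_allowed(LAMBDA_POLICY, "dynamodb:GetItem", ...) returns False, which is why the action in a least-privilege policy has to match what the function really does.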
