AWS IAM (Identity and Access Management)

Overview

AWS IAM lets you manage access to AWS services and resources securely. IAM enables you to create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.

Real-life Use Cases

  • Cloud Architect: Design least-privilege access policies for multi-account environments.

  • DevOps Engineer: Automate user and role provisioning for CI/CD pipelines.

Terraform Example

resource "aws_iam_user" "ci_user" {
  name = "ci-cd-user"
}

resource "aws_iam_policy" "readonly" {
  name   = "readonly-policy"
  policy = data.aws_iam_policy_document.readonly.json
}

resource "aws_iam_user_policy_attachment" "attach" {
  user       = aws_iam_user.ci_user.name
  policy_arn = aws_iam_policy.readonly.arn
}

AWS CLI Example

aws iam create-user --user-name ci-cd-user
aws iam attach-user-policy --user-name ci-cd-user --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess

Best Practices

  • Use groups to assign permissions to users.

  • Enable MFA for privileged users.

  • Regularly audit IAM policies.

Common Pitfalls

  • Overly permissive policies (e.g., *:* actions).

  • Not rotating access keys.

Joke: Why did the IAM user get locked out? Because he forgot his policy statement!

Last updated