How is your AWS IAM portal configured?
Careful management of access credentials is the foundation of how you will secure your resources in the cloud.
Published Dec 28, 2024
I would like to start this article by explaining why the AWS IAM portal matters and why it has to be configured correctly by you. When you create an AWS account, the initial identity granted to you has full access to all services and resources within the account. This identity is used to set up users with restricted permissions and to implement role-based access through IAM. IAM serves as a unified system for managing individual user accounts and defining their access rights within your AWS environment. Every action performed within AWS is authenticated for security.
I am writing this introduction because I work with the AWS platform and my current role is security, so I need to understand the cloud environment and keep it working well; we cannot leave any room for a malicious attacker. Configuring AWS IAM properly is very important: it is the main AWS service involved in security. So my recommendation is to check all the resources and make sure that the root user, roles and policies match least privilege and the good practices for AWS accounts. This is my AWS IAM portal; as you can see, I have applied the security recommendations:
- Root user has MFA ✅
- Root user has no active access keys ✅
IAM provides the infrastructure necessary to control authentication and authorization for your AWS accounts. You can create IAM users, user groups, and IAM roles. Identity credentials are associated with users and roles, and permissions are assigned to the users, user groups, and roles. Let's check some IAM resources from dashboard. 👇👇👇
In the AWS IAM dashboard you will see 5 resources that are part of IAM. It is very important to keep all of those resources in line with the AWS recommendations. Take a look at this documentation for best practices.
An IAM group is a collection of users. Groups allow you to specify permissions for similar types of users. For example, if you have a group named Developers, you can give that group the types of permissions that developers typically need.
An IAM user is an entity within your AWS account that represents a person or application interacting with AWS services. IAM users are created and managed through AWS IAM.
IAM roles allow you to delegate access to users, applications, or services that normally don't have access to your organization's AWS resources. You can assume a role to obtain temporary security credentials that you can use to make AWS API calls.
Security Note: Regularly review and remove unused roles. We recommend that you reduce permissions and remove unused roles with the goal of achieving least-privilege permissions.
You manage access in AWS by creating policies and attaching them to IAM identities or AWS resources. An identity-based policy is an object in AWS that, when associated with an IAM identity, defines their permissions.
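Least privilege is decided inside those policy documents, so the first thing to review is whether an identity-based policy grants wildcards. The linter below is an added example, not code from the article or from AWS: it flags the patterns that break least privilege (`Action` of `*` or `service:*`, `Resource` of `*` with no `Condition`, and `NotAction` grants) and runs over two constructed policies, one over-broad and one scoped to a single bucket. The policy contents and the bucket name are made up.

```python
"""Flag identity-based policy statements that break least privilege.

Added example, not code from the article. Checks: full wildcard actions,
whole-service wildcards, unscoped Resource "*", and NotAction grants.
"""
import json

# Constructed over-broad policy: one admin-like statement, one whole-service grant.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AdminLike", "Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Sid": "S3All", "Effect": "Allow", "Action": ["s3:*"], "Resource": "*"},
    ],
}

# Constructed scoped policy: two read actions on one bucket, plus a Deny
# statement (Deny only narrows access, so it is never a finding).
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadOneBucket",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
        },
        {
            "Sid": "DenyUnencryptedUploads",
            "Effect": "Deny",
            "Action": "s3:PutObject",
            "Resource": "*",
            "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}},
        },
    ],
}


def _as_list(value):
    """Policy fields may be a single string/object or a list; normalise to a list."""
    if value is None:
        return []
    if isinstance(value, (str, dict)):
        return [value]
    return list(value)


def check_statement(stmt):
    """Findings for one statement; an empty list means it looks scoped."""
    findings = []
    if stmt.get("Effect") != "Allow":
        return findings
    if "NotAction" in stmt:
        findings.append("NotAction grants every action except the listed ones")
    for action in _as_list(stmt.get("Action")):
        if action == "*":
            findings.append("Action '*' grants every API in every service")
        elif action.endswith(":*"):
            findings.append(f"Action '{action}' grants the whole service")
    for resource in _as_list(stmt.get("Resource")):
        if resource == "*" and "Condition" not in stmt:
            findings.append("Resource '*' with no Condition is not scoped to any ARN")
    return findings


def lint_policy(document):
    """Policy (JSON string or dict) -> {Sid or index: [findings]} for bad statements."""
    policy = json.loads(document) if isinstance(document, str) else document
    results = {}
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        findings = check_statement(stmt)
        if findings:
            results[stmt.get("Sid", str(i))] = findings
    return results


if __name__ == "__main__":
    for name, policy in (("BROAD_POLICY", BROAD_POLICY), ("SCOPED_POLICY", SCOPED_POLICY)):
        print(name, json.dumps(lint_policy(policy), indent=2))
```

To run it against a real customer-managed policy, fetch the document with `aws iam get-policy-version --policy-arn <arn> --version-id <DefaultVersionId from get-policy>` and pass the `Document` value to `lint_policy`. A `Resource` of `*` is only flagged when no `Condition` is present, since conditions (for example on a tag or source account) are a legitimate way to scope a statement.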
IAM Identity Center makes it easy to centrally manage access to multiple AWS accounts and to give users single sign-on access to all their assigned accounts from one place. With IAM Identity Center, you can create and manage user identities in IAM Identity Center itself.
You can use the AWS CLI to automate work with IAM resources. The commands provide basic information about IAM, similar to the AWS Management Console; in most cases they provide more detail, and the AWS CLI is useful for automating data collection. If you need to install the AWS CLI on your system, go ahead and do it as shown below (I am using Ubuntu 24.10):
Some useful IAM commands to get started with AWS IAM:
aws iam get-user --user-name foo-bar
aws iam get-group --group-name devs
aws iam get-role --role-name foo-bar
aws iam get-policy --policy-arn arn:aws:iam::aws:policy/AmazonBraketFullAccess
- If you run into trouble, check the call with the --debug flag:
aws iam get-role --role-name foo-bar --debug
You might encounter issues beyond what I have covered in this article. AWS provides multiple resources that can further aid your troubleshooting. Always consider implementing AWS Identity and Access Management (IAM) best practices, encrypting sensitive data, and monitoring activity logs with AWS CloudTrail to maintain a robust security posture.
That's all‼️