These days everything is moving to the cloud, but security is more important than ever. When you think about protecting your cloud infrastructure and resources on AWS, IAM (AWS Identity and Access Management) is one of the most powerful tools available. If you use the AWS cloud and want to secure your resources with IAM, this blog is for you.
In this blog, we will guide you step by step through securing your resources in the AWS cloud using IAM.
What is AWS IAM?
AWS IAM (Identity and Access Management) is the AWS service that lets you control who can access your AWS resources and what they can do with them. Using IAM you can create users, groups, roles and policies that govern access to resources such as EC2 instances, S3 buckets and RDS databases.
IAM provides granular control over permissions and helps keep your cloud resources secure. With IAM you can implement the principle of least privilege, which minimizes the potential attack surface.
Key Concepts of AWS IAM
To properly secure your AWS resources, it is important to understand these core IAM concepts:
- Users: Users are individual identities in your AWS account. Each user has its own credentials: a username and password for console access, and/or an access key ID and secret access key for programmatic access.
- Groups: Groups are collections of users. Permissions or policies attached at the group level apply automatically to every user in the group. This is a great way to streamline permission management for teams or departments.
- Roles: Roles are sets of permissions that can be assumed by users, applications or AWS services, for example an EC2 instance that needs to read from an S3 bucket. Roles do not have long-term credentials; they issue temporary security tokens instead.
- Policies: Policies are JSON documents that define permissions for users, groups or roles. AWS provides managed policies, and you can also write your own customer managed policies that specify exactly which actions are allowed or denied.
Now, let's move on to the practical section: how to secure our resources in the AWS cloud using IAM.
Step 1: Launch EC2 Instance
- First, we will create two instances, one for the development environment and another for production.
- Go to the AWS Management Console and sign in with your credentials.
- Search for EC2 in the search box.

- Select the region where you want to create the EC2 instances.

- Now, click on Launch instances
- Name and Tags
- Name: cwy-development-server
- Click on Add additional tags
- Key: env
- Value: development (the value must match the policy condition in Step 2 character for character, so check the spelling)

- Select your AMI: Amazon Linux
- Instance type: t2.micro
- Key pair: create a new key pair
- Network settings:
- Firewall (security groups): check Allow SSH traffic from, and restrict the source as narrowly as you can

- Storage: leave as default
- Click on Launch instance
Now, create another instance for production in the same way as the development one, but this time use different tags.
- Name and Tags
- Name: cwy-production-server
- Click on Add additional tags
- Key: env
- Value: production

After creating both instances, move to the IAM console.
Step 2: Create IAM Policy
- Search for IAM in the search box.

- In the left-hand navigation panel of the IAM dashboard, select Policies.
- Click on Create policy.

- Click on the JSON editor tab and paste the following policy into the editor:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:StartInstances",
        "ec2:StopInstances"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/env": "development"
        }
      }
    },
    {
      "Effect": "Deny",
      "Action": "ec2:TerminateInstances",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/env": "development"
        }
      }
    },
    {
      "Effect": "Deny",
      "Action": [
        "ec2:StartInstances",
        "ec2:StopInstances",
        "ec2:TerminateInstances"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/env": "production"
        }
      }
    }
  ]
}
```
- After pasting the policy into the editor, click Next
- Policy name: CWYIAMPolicyEnvironmentForUser
- Description: This policy gives the user permission on instances
- Now, click on the Create policy button
Now that the policy exists, we have to create a group and a user and attach the policy.
Step 3: Create IAM Group and User
- Go back to the IAM console and click on User groups in the left-hand navigation of the IAM dashboard.
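Before attaching the policy it helps to see how IAM will evaluate it for concrete requests. The script below is an added example, not code from the original post or from AWS: a small offline evaluator that loads the Step 2 policy and applies the three rules this policy depends on (an explicit Deny beats any Allow, anything not allowed is implicitly denied, and a StringEquals condition on ec2:ResourceTag/env is compared against the instance's tags). The sample requests and tag sets are constructed for the illustration; Resource is "*" in every statement, so ARN matching is deliberately not modelled.

```python
"""Offline evaluator for the tag-scoped EC2 policy from Step 2 (added example, not code
from the original post or from AWS). It models only the slice of IAM evaluation that
this policy relies on: an explicit Deny beats any Allow, anything not allowed is
implicitly denied, and a StringEquals condition on ec2:ResourceTag/<key> is compared
against the tags of the instance being acted on. Every statement uses Resource "*",
so resource ARN matching is not modelled."""
import json

# The policy exactly as pasted into the JSON editor in Step 2.
POLICY_JSON = r"""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["ec2:StartInstances", "ec2:StopInstances"],
     "Resource": "*",
     "Condition": {"StringEquals": {"ec2:ResourceTag/env": "development"}}},
    {"Effect": "Deny",
     "Action": "ec2:TerminateInstances",
     "Resource": "*",
     "Condition": {"StringEquals": {"ec2:ResourceTag/env": "development"}}},
    {"Effect": "Deny",
     "Action": ["ec2:StartInstances", "ec2:StopInstances", "ec2:TerminateInstances"],
     "Resource": "*",
     "Condition": {"StringEquals": {"ec2:ResourceTag/env": "production"}}}
  ]
}
"""
POLICY = json.loads(POLICY_JSON)

RESOURCE_TAG_PREFIX = "ec2:ResourceTag/"


def _action_matches(pattern: str, action: str) -> bool:
    """IAM action names are case-insensitive and may end in a '*' wildcard."""
    pattern, action = pattern.lower(), action.lower()
    if pattern.endswith("*"):
        return action.startswith(pattern[:-1])
    return pattern == action


def _condition_holds(condition: dict, resource_tags: dict) -> bool:
    """Evaluate a Condition block. Only StringEquals on ec2:ResourceTag/<key> is
    modelled. A tag that is missing or spelled differently fails the test, which is
    why the tag value on the instance must match the policy character for character."""
    for operator, clauses in condition.items():
        if operator != "StringEquals":
            raise NotImplementedError(f"condition operator {operator!r} not modelled")
        for key, expected in clauses.items():
            if not key.startswith(RESOURCE_TAG_PREFIX):
                raise NotImplementedError(f"condition key {key!r} not modelled")
            tag_key = key[len(RESOURCE_TAG_PREFIX):]
            if resource_tags.get(tag_key) != expected:
                return False
    return True


def evaluate(policy: dict, action: str, resource_tags: dict) -> str:
    """Return 'allow', 'explicit-deny' or 'implicit-deny' for one request."""
    result = "implicit-deny"  # nothing is allowed until a matching Allow is found
    for statement in policy["Statement"]:
        actions = statement["Action"]
        if isinstance(actions, str):
            actions = [actions]
        if not any(_action_matches(a, action) for a in actions):
            continue
        if not _condition_holds(statement.get("Condition", {}), resource_tags):
            continue
        if statement["Effect"] == "Deny":
            return "explicit-deny"  # an explicit Deny ends evaluation immediately
        result = "allow"
    return result


def walkthrough() -> list:
    """Constructed sample requests covering the cases a reviewer should check."""
    samples = [
        ("ec2:StopInstances", {"env": "development"}),
        ("ec2:TerminateInstances", {"env": "development"}),
        ("ec2:StartInstances", {"env": "production"}),
        ("ec2:DescribeInstances", {"env": "development"}),  # granted nowhere
        ("ec2:StopInstances", {"env": "deveopment"}),        # misspelled tag value
        ("ec2:StopInstances", {}),                            # untagged instance
    ]
    return [(action, tags, evaluate(POLICY, action, tags)) for action, tags in samples]


if __name__ == "__main__":
    for action, tags, decision in walkthrough():
        print(f"{action:<24} tags={tags!s:<24} -> {decision}")
```

Two of the sample rows are the ones worth remembering when the console later shows a warning: ec2:DescribeInstances is never allowed, so the user cannot list instances at all, and an instance tagged with a misspelled value falls through every statement and is implicitly denied rather than protected by the explicit Deny.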

- Group name: DevelopmentGroup

- Now attach permissions policies: select the CWYIAMPolicyEnvironmentForUser policy created in Step 2
- Click on the Create user group button

Now, click on Users in the left-hand navigation panel
- Click on Create user
- Name: developmentuser
- Check: Provide user access to the AWS Management Console – optional
- User type: select I want to create an IAM user
- Console password: check Autogenerated password
- Uncheck: Users must create a new password at next sign-in – Recommended
- Click on Next

- Now, select the user group created above (DevelopmentGroup)
- Click on Next

- Now, click on Create user
When you click Create user, you will see the user's login details: the console sign-in URL, username and password. Keep them safe, or download the .csv file. Copy the console sign-in URL and paste it into a browser.

- Now, log in to the AWS Management Console as the development user

- After logging in you will see that the user cannot view the EC2 instances and gets a warning notification. This is expected: the policy grants only ec2:StartInstances and ec2:StopInstances on development-tagged instances and no ec2:Describe* actions, so the console cannot list instances for this user.

Woah! We have successfully secured our AWS resources using an IAM policy. In this way, we can secure AWS resources by assigning IAM policies to different users and groups.

