
AWS Security Overview


I’m an EDI Integrator Developer & Analyst with 1 year of experience in EDI mapping and WebEDI. My secondary skills include backend development using Django, Node.js, and ASP.NET MVC, along with working on cloud deployments using AWS EC2 and Docker. I’m currently expanding my cloud knowledge by learning AWS Cloud Practitioner to build modern, cloud-ready applications.

Introduction

AWS security starts with Identity and Access Management (IAM). It plays an important role in securing a cloud environment: it is the service for securely controlling access to AWS resources, and it allows you to create and manage users, groups, roles, and permissions by using policies.

In this post, I explain the main IAM components, MFA (Multi-Factor Authentication), and the distinction between the Root User and an IAM Admin, to show how they secure your AWS Cloud environment.

IAM Users:

Users are individuals who require access to your AWS environment. Each team member has their own credentials to access the resources within it. For example, when multiple members are working in your team, each receives their own unique login credentials.

Security Benefit

Any action performed by any team member is logged in AWS CloudTrail, which lets you easily track their activity and attribute it to a specific user.

IAM Groups:

IAM Groups are sets of IAM users. Instead of granting permissions to each user individually, you can assign permissions to the group, and all members automatically inherit them. For example: You can create a group for developers and grant them permissions for EC2 instances and S3 buckets. All users in the group automatically inherit these permissions.

Security Benefit

When you assign permissions to the group instead of to individual users, there is less chance that a user is missing a permission, and each user receives the same consistent set of permissions. Assigning permissions to individual users increases the chance of incomplete or inconsistent permissions, which creates security gaps.

IAM Policies:

IAM Policies define what actions are allowed or denied on AWS resources. They can be attached to users, groups, and roles. For example, a policy granting read-only access to an S3 bucket allows users to view objects but not modify them:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*"
    }
  ]
}

Security Benefits:

IAM Policies allow you to decide exactly what each user is able to do on AWS. This protects your resources, prevents unwanted activity, and makes it easier to manage rights for everyone.
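To make the evaluation rule concrete, here is a small Python model of how IAM decides a request (explicit Deny wins, then any matching Allow, otherwise implicit deny). This is an added example, not code from the post or from AWS, and it is a deliberate simplification: the DENY_DELETE policy is constructed for illustration, and real IAM also evaluates resource policies, SCPs, permission boundaries and conditions.

```python
import fnmatch

# Constructed, simplified model of identity-based policy evaluation (not AWS's engine).

# The read-only policy from the post, as it might be attached to a developers group.
READ_ONLY_S3 = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*"}
    ],
}

# Constructed second policy: an explicit Deny on deletes in the same bucket.
DENY_DELETE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Deny", "Action": "s3:DeleteObject",
         "Resource": "arn:aws:s3:::example-bucket/*"}
    ],
}


def _as_list(value):
    # Action and Resource may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    # IAM treats "*" and "?" as wildcards; action names are case-insensitive.
    return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in _as_list(patterns))


def evaluate(policies, action, resource):
    """Return 'Allow', 'Deny' (explicit) or 'ImplicitDeny' for one request.

    Mirrors the IAM rule order: an explicit Deny always wins, otherwise any
    matching Allow grants access, otherwise the request is implicitly denied.
    """
    decision = "ImplicitDeny"
    for policy in policies:
        for stmt in policy["Statement"]:
            if _matches(stmt["Action"], action) and _matches(stmt["Resource"], resource):
                if stmt["Effect"] == "Deny":
                    return "Deny"
                decision = "Allow"
    return decision
```

Running `evaluate([READ_ONLY_S3], "s3:PutObject", "arn:aws:s3:::example-bucket/report.csv")` returns "ImplicitDeny", which is why the post's policy lets users view objects but not modify them.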

IAM Roles:

IAM Roles allow temporary access to AWS resources without requiring passwords or access keys. They are used for services, applications, or external users. For example, an EC2 instance that needs to read files from an S3 bucket is assigned a role with S3 read permissions instead of storing access keys on the instance; the instance then receives temporary credentials and can access S3 securely.

Security Benefits:

IAM Roles protect your AWS environment because they do not require long-lived passwords or access keys. They provide temporary credentials, which eliminates the risk of stored passwords or access keys being leaked.

MFA (Multi-Factor Authentication):

MFA adds an extra layer of security by requiring a password plus an OTP or authenticator code. It is strongly recommended for admin accounts.

Security Benefits:

If a user's password is leaked, the OTP or authenticator code still protects the account.

Root User vs IAM Admin:

The Root User has full access to the account and is used only for initial setup, while an IAM Admin is a safer administrative account for daily tasks.

Key Takeaways:

  • IAM Users and Groups help manage individual and team access more efficiently.

  • IAM Policies define the activities that users, groups, and roles can take on AWS resources.

  • IAM Roles enable temporary, secure access without requiring passwords or access keys.

  • MFA provides an additional layer of safety for user accounts.

  • Using IAM Admin accounts instead of the Root User reduces risk and makes your AWS environment secure.