Cloud Services Platforms And Solutions
Cloud Services—Platforms And Solutions—Amazon AWS Identity And Access Management

Amazon AWS™ Identity and Access Management (Amazon AWS IAM) enables you to securely control access to Amazon AWS™ services and resources for your users. Using Amazon AWS™ IAM, you can create and manage Amazon AWS™ users and groups, and use permissions to allow and deny their access to Amazon AWS™ resources. Amazon AWS™ IAM is a feature of your Amazon AWS™ account offered at no additional charge. You will be charged only for use of other Amazon AWS™ services by your users. Securely control access to Amazon AWS™ services and resources for your users. Amazon AWS™ Identity and Access Management enables you to securely control access to Amazon AWS™ services and resources for your users. Manage IAM users and their access—you can create users in IAM, assign them individual security credentials (in other words, access keys, passwords, and multi factor authentication devices), or request temporary security credentials to provide users access to Amazon AWS™ services and resources. You can manage permissions in order to control which operations a user can perform.

Amazon AWS™ Identity and Access Management has some great features that enable you to control access and permissions to your Amazon AWS™ services and resources. There are numerous benefits, of which six are detailed below. Click each link to learn more about everything from managing users to using identity federation for delegated access to the Amazon AWS Management Console™ or Amazon AWS™ APIs. Use fine—grained access control, integrate with your corporate directory, and require MFA for highly privileged users. Multi factor authentication for highly privileged users allows protection of your Amazon AWS™ environment by using Amazon AWS MFA™, a security feature available at no extra cost that augments user name and password credentials. AWS™ supports federation from corporate systems like Microsoft Active Directory™ as well as external Web Identity Providers like Google™ and Facebook™. MFA™ requires users to prove physical possession of a hardware MFA token or MFA enabled mobile device by providing a valid MFA code. Amazon AWS Cloud Directory™—now available—Amazon Amazon AWS Cloud Directory™—a cloud native directory for hierarchical data.

Amazon AWS IAM Enhanced Security

IAM enables security best practices by allowing you to grant unique security credentials to users and groups to specify which Amazon AWS™ service APIs and resources they can access. IAM is secure by default, users have no access to Amazon AWS™ resources until permissions are granted. IAM allows you to authenticate users, depending on how they want to use AWS™ services. You can assign a range of security credentials including passwords, key pairs, and X.509 certificates. You can also enforce multi—factor authentication on users who access the AWS Management Console™ or use APIs. IAM provides the granularity to control a user’s access to specific AWS™ services and resources using permissions. For example, terminating Amazon AWS EC2™ instances or reading the contents of an Amazon AWS S3™ bucket. You can use Amazon AWS™ IAM to grant your employees and applications access to the Amazon AWS Management Console™ and to Amazon AWS™ service APIs, using your existing identity systems. AWS™ supports federation from systems like Microsoft Active Directory™ as well as external Web Identity Providers like Google™ and Facebook™.

Amazon AWS IAM Functionality

Amazon AWS™ IAM allows you to manage IAM users and their access—you can create users in IAM, assign them individual security credentials (in other words, access keys, passwords, and multi—factor authentication devices), or request temporary security credentials to provide users access to Amazon AWS™ services and resources. You can manage permissions in order to control which operations a user can perform. Manage IAM roles and their permissions—you can create roles in IAM and manage permissions to control which operations can be performed by the entity, or Amazon AWS™ service, that assumes the role. Manage federated users and their permissions—you can enable identity federation to allow You can also define which entity is allowed to assume the role. Assign identities in your enterprise to access the Amazon AWS Management Console™, call Amazon AWS™ APIs, and access resources. Amazon AWS™ Identity and Access Management (IAM) enables you to control access to Amazon AWS™ services for users. Using IAM, you can create and manage Amazon AWS™ users and groups, and use permissions to allow and deny access to Amazon AWS™ resources.

Amazon AWS IAM Use Cases

Fine—grained access control to Amazon AWS™ resources enables your users to control access to Amazon AWS™ service APIs and to specific resources. IAM also enables you to add specific conditions such as time of day to control how a user can use Amazon AWS™, their originating IP address, whether they are using SSL, or whether they have authenticated with a multi factor authentication device. Integrate with your corporate directory—Amazon AWS™ IAM can be used to grant your employees and applications federated access to the Amazon AWS Management Console™ and Amazon AWS™ service APIs, using your existing identity systems such as Microsoft Active Directory™. You can use any identity management solution that supports SAML 2.0, or feel free to use one of our federation samples (AWS Console SSO™ or API federation). Manage access control for mobile applications with web identity providers—you can enable your mobile and web browser—based applications to securely access Amazon AWS™ resources by requesting temporary security credentials that grant access only to specific Amazon AWS™ resources for a configurable period of time.

Features And Benefits

In addition to defining access permissions directly to users and groups, Amazon AWS IAM™ lets you create roles. Roles allow you to define a set of permissions and then let authenticated users or Amazon AWS EC2™ instances assume them, getting temporary access to the resources you define. Compliance — compliance in the cloud for new financial services cybersecurity regulations. Compliance—new SOC 2 report available, confidentiality. Detect—automatically remediate unintended permissions in Amazon AWS S3™ Object ACLs with Amazon AWS CloudWatch Events™. Amazon AWS Identity And Access Management™ assists in creating roles and permissions. You can enable identity federation to allow existing identities (users, groups, and roles) in your enterprise to access the Amazon AWS Management Console™, call Amazon AWS™ APIs, and access resources, without the need to create an IAM user for each identity. You can create roles in Amazon AWS IAM™ and manage permissions to control which operations can be performed by the entity, or Amazon AWS™ service, that assumes the role. You can also define which entity is allowed to assume the role.