
IAM: The CLOUD ROOT


What is IAM?

IAM: Identity and Access Management

IAM is used to create users and groups and to give the people working in the organisation access to the resources they need, by attaching permission boundaries and policies, so that they can do their work without any hindrance.

IAM policies are written in JSON, which makes it easy to read the permissions the administrator has set for a user.

What is Permission Boundary?

A permission boundary is the allocation of resources to a user that he needs to perform his tasks in the organisation; for example, he may be given permission to spin up an EC2 instance or put files into S3 buckets. By setting the permission boundary we limit the user to the resources he actually needs.

What are policies in IAM?

A policy gives a user a specific permission only; for example, he can only retrieve data from S3 or put data into S3 buckets. If you don't have a policy for accessing EC2, you can't even create a machine.

What is an Administrator?

The administrator is like root: he has the deciding authority over which user is given access to which resources, and he sets the policies.

The administrator can create and delete users, can increase a user's resources and can reduce his permissions; he is the deciding authority.

Here is an image of an AWS IAM policy and its permissions:

[Image: Screenshot_20221103-123140~2.png, an AWS IAM policy document]

Here SID is the user ID, i.e. the user to whom the permission has been given.

Effect states whether the user is allowed or denied to use the given resources.

Action defines which actions the user can perform. This is the policy set by the administrator for the user, so he can do only these things; in this case he is allowed to delete objects (DeleteObject) and read objects (GetObject).

Condition: certain conditions must be met before these objects can be accessed, such as logging in with an OTP or using an authenticator. In this case the condition is that the request must come from a specific IP address.

Resource here is the boundary set by the administrator. In this case the user can only access the bills and marketing sections of AWS; other than that he can't spin up an EC2 machine or delete an object. If he does something outside of this, the administrator will get a message or a log entry showing that the user breached his permissions or tried to access other resources he was not given access to.
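The following is an added example, not code from the original post or from AWS: a small Python evaluator that models the policy fields described above (Sid, Effect, Action, Resource and an IP Condition) together with the permission-boundary rule from the earlier section, under which a request is only allowed when both the user's policy and the boundary allow it. The bucket names, IP ranges, account ID and sample requests are all constructed for illustration; the `audit` helper returns the requests that fell outside the granted permissions, which is the set an administrator would expect to see flagged in logs.

```python
"""Toy IAM policy evaluator (added example; not AWS code).

Models the policy fields shown on this page (Sid, Effect, Action, Resource,
Condition with aws:SourceIp) and the permission-boundary rule that the
effective permissions are the intersection of the identity policy and the
boundary. All names, ARNs, IPs and requests below are constructed.
"""
import fnmatch
import ipaddress

# Constructed identity policy, shaped like the one in the page's screenshot:
# only GetObject/DeleteObject on the bills and marketing buckets, and only
# from one IP range.
IDENTITY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowBillingAndMarketingObjects",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:DeleteObject"],
            "Resource": [
                "arn:aws:s3:::example-bills/*",
                "arn:aws:s3:::example-marketing/*",
            ],
            "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}},
        }
    ],
}

# Constructed permission boundary: the maximum the user may ever have.
# It permits S3 actions only, so an EC2 action is denied even if some
# identity policy granted it.
PERMISSION_BOUNDARY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "BoundaryS3Only", "Effect": "Allow",
         "Action": "s3:*", "Resource": "*"}
    ],
}


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _ip_matches(condition, source_ip):
    """Evaluate only the IpAddress / aws:SourceIp condition used on this page."""
    if not condition:
        return True
    cidrs = _as_list(condition.get("IpAddress", {}).get("aws:SourceIp", []))
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)


def evaluate_policy(policy, action, resource, source_ip):
    """Return 'Allow', 'Deny' or 'ImplicitDeny' for one policy document.

    Mirrors IAM's ordering: an explicit Deny wins over any Allow, and a
    request that no statement matches is implicitly denied.
    """
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        action_hit = any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
        resource_hit = any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
        if not (action_hit and resource_hit):
            continue
        if not _ip_matches(stmt.get("Condition"), source_ip):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision


def is_allowed(action, resource, source_ip,
               identity=IDENTITY_POLICY, boundary=PERMISSION_BOUNDARY):
    """Effective decision: both the identity policy and the boundary must allow."""
    return (evaluate_policy(identity, action, resource, source_ip) == "Allow"
            and evaluate_policy(boundary, action, resource, source_ip) == "Allow")


def audit(requests):
    """Return the (action, resource, source_ip) requests that were not permitted."""
    return [r for r in requests if not is_allowed(*r)]


if __name__ == "__main__":
    # Constructed sample requests: (action, resource ARN, source IP).
    SAMPLE_REQUESTS = [
        ("s3:GetObject", "arn:aws:s3:::example-bills/2022/invoice.pdf", "203.0.113.7"),
        ("s3:DeleteObject", "arn:aws:s3:::example-marketing/banner.png", "203.0.113.9"),
        ("s3:GetObject", "arn:aws:s3:::example-bills/2022/invoice.pdf", "198.51.100.4"),  # wrong source IP
        ("s3:PutObject", "arn:aws:s3:::example-bills/new.txt", "203.0.113.7"),            # action not granted
        ("ec2:RunInstances", "arn:aws:ec2:us-east-1:123456789012:instance/*", "203.0.113.7"),  # outside boundary
    ]
    for req in SAMPLE_REQUESTS:
        verdict = "ALLOW" if is_allowed(*req) else "DENY"
        print(f"{req[0]:<18} {req[1]:<58} from {req[2]:<13} -> {verdict}")
```

Run it as a script to see the five constructed requests judged; the two that match the bills/marketing buckets from the allowed range are permitted, while the wrong-IP, PutObject and EC2 requests are denied. Passing a broader identity policy to `is_allowed` shows the boundary doing its job: even an `Allow *` identity policy cannot reach EC2 while the boundary only covers S3.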

To Be Continued...