What are the IAM and CloudWatch services of AWS?
AWS Identity and Access Management (IAM) is a web service used to limit access to resources in AWS. A start-up may be run by an individual or by a team. When working on the cloud set-up, you may have multiple teams or workers creating different services that together make up one infrastructure.
Let's assume one team manages storage, another manages instances, and another monitors the network. In this situation we can't give our root account to everyone. It's always good practice to use a different account with limited resource access, whether working in a team or individually.
In AWS, IAM is the service where we can create different users with limited privileges. To create a new user we need a key. As you know, logging in to any server requires two basic things, i.e. a username and a password. In the previous class, we learned how to create a key. The key we set up has two values:
- Access key
- Secret key
The secret key is very sensitive and you can view it only once. That's why it's good practice to download the key for future access. After creating an account you can also access AWS through the CLI. Today everyone is moving toward automation, and to achieve automation we can't use the WebUI (website). That's why companies do 99% of cloud work either with the CLI or with a programming language. There are many tools, like Terraform, that make this easy to manage: with one single command we can set up the whole infrastructure, and by the same command we can change or destroy it. One more benefit of using Terraform is that we don't have to learn a different language for each cloud; with a single language we can use any cloud service.
How to create a user?
Sign in to the AWS portal with your root account. Once you are inside your account, search for IAM in the services section and click on the Users section. You may not find any users because you haven't added one yet.
Click on Add User
Fill in the required details. In the Access type section you will see two checkboxes. The first generates an access key ID and a secret access key. Using these we can connect to AWS through the CLI and SDK.
The second option is to give the user a password so that you can also log in with that account through the WebUI. Choose according to your needs.
This page is important. You will find three different options. Here you select the permissions for your user, so that this user can perform only those actions. Policies have some advanced roles that we will discuss in future, more advanced blogs.
Here we will simply click on Attach existing policies and select one of them. You will find tons of policies there, but we are going to use the first one, AdministratorAccess, which has almost all the powers that root has.
The next section is for tags. Tags are key-value pairs attached to a service, and when we need to refer to that user again we can use the tag. You may not be able to see the importance of tags yet, but don't worry, in further posts you will understand them well.
Review your edits and, if all is fine, select the Create user option.
Your new user is created. Now click on Download. This will save the access key ID and secret key to your system, and we can use them later for login.
CloudTrail provides the event history of your AWS account and is very useful for management purposes. Let's understand this with an example. You want to set up an infrastructure for your idea and you have several people for different use cases. All the members have their own user in your AWS account, and all of them work on different services. An error comes up, and while troubleshooting you want to know what actually went wrong. CloudTrail will help you check this. This service creates a log of all the services used by any account on AWS. By going through CloudTrail you can easily track all your logs and monitor what all the users are doing. This is all about IAM and CloudTrail.
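As an added example (not code from the original post), this Python sketch shows the troubleshooting described above: it reads records in the CloudTrail log-file format and reports, per user, which API calls were made, which failed, and whether the root account was used. The sample log, user names and IP addresses are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample in the CloudTrail log-file shape ({"Records": [...]}).
# User names, IP addresses and events are made up for illustration.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-10T09:00:01Z", "eventSource": "s3.amazonaws.com",
     "eventName": "CreateBucket", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "storage-user"}},
    {"eventTime": "2024-01-10T09:05:12Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "sourceIPAddress": "198.51.100.7",
     "errorCode": "Client.UnauthorizedOperation",
     "userIdentity": {"type": "IAMUser", "userName": "storage-user"}},
    {"eventTime": "2024-01-10T09:07:30Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "sourceIPAddress": "203.0.113.20",
     "userIdentity": {"type": "IAMUser", "userName": "instance-user"}},
    {"eventTime": "2024-01-10T09:30:44Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "203.0.113.99",
     "userIdentity": {"type": "Root"}},
]})

def actor(record):
    """Return a readable name for whoever made the API call."""
    ident = record.get("userIdentity", {})
    if ident.get("type") == "Root":
        return "<root>"
    return ident.get("userName") or ident.get("arn") or "<unknown>"

def summarize(log_text):
    """Group calls per actor; collect failed calls and root-account activity."""
    per_user = defaultdict(list)
    failed, root_events = [], []
    for rec in json.loads(log_text).get("Records", []):
        who = actor(rec)
        call = f'{rec["eventSource"].split(".")[0]}:{rec["eventName"]}'
        per_user[who].append(call)
        if "errorCode" in rec:  # field is present only when the call failed
            failed.append((rec["eventTime"], who, call, rec["errorCode"]))
        if who == "<root>":
            root_events.append((rec["eventTime"], call, rec["sourceIPAddress"]))
    return dict(per_user), failed, root_events

if __name__ == "__main__":
    users, failed, root_events = summarize(SAMPLE_LOG)
    for who, calls in users.items():
        print(who, calls)
    print("failed calls:", failed)
    print("root activity:", root_events)
```

A denied call such as the `TerminateInstances` entry here shows a user reaching outside the service their team manages, and any root entry shows the root account being used instead of an IAM user.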
For further posts, stay tuned with Brighterbees.
If you have any queries, you can ask me in the comments.