Hi Everybody,
Today we are going to see how to give freelancers and developers permissions in your AWS account.
Let's start with an example. As a business owner, you created a new AWS account. Consider you have two developers named Michael and John. Both Michael and John request AWS permissions to host a website. Typically what you will do is share your email and password with them. This is wrong!
Why should you not share the root user email and password with others?
Reason #1: You will not know who did what
Consider an example: someone created an EC2 instance for testing. By mistake, they left it running for a month. At the month's end, you got a surprise bill of $51 for EC2 usage.
How will you find out who created the instance? Since you shared your email and password, the activity will show your name, not the person who created the instance.
Reason #2: You cannot restrict certain people from doing certain activities
In your team, consider that Michael is an experienced developer and John is a junior developer. You do not want John to access some parts of your AWS account. Since you have shared your account, you cannot restrict John from performing specific actions.
Reason #3: You will not be able to revoke certain people's permissions
You identified John as leaking critical information to your competitor and you fired John. But he still knows your AWS account email and password, and with that he can access all your company data.
Don't panic, we can solve all of these problems with an AWS service called "IAM".
What is IAM?
AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.
How to create IAM accounts for your developers or freelancers
Step 1: Log into your AWS console
Step 2: Once you are logged in, search for IAM
Step 3: In the left side panel, click on Users
Step 4: Click on Add users. Enter the username and select the AWS access type based on your need: if you want to provide programmatic access, select Access key; if you are only going to provide console access, select Password.
Step 5: Review the user details and click Create user
How to provide access for IAM users
Step 1: In the IAM dashboard, select Users and then select the user you want to give access to
Step 2: In the Permissions tab, click on "Add permissions"
Step 3: Attach permissions based on your need. For example, if you want to provide EC2 full access, search for "EC2" and select AmazonEC2FullAccess. Click on Review and then click Add permissions.
How to view IAM user logs
Step 1: Search for “CloudTrail” in the search bar.
Step 2: Select the region where the resource was created. For example, if you want to view who created an EC2 instance in the us-west-1 region, then in the CloudTrail dashboard you should also select the us-west-1 region.
Step 3: Now, in the left side panel, click on Event history. You can view all the IAM logs. For example, if you want to view user John's activities, in Lookup attributes select User name and enter the username. You can then view all of John's activities.
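As an added example (not code from the original post), here is the same lookup done over CloudTrail records in Python: filter Event history by user name, and map each EC2 instance launched by RunInstances to whoever launched it, which is the question from Reason #1. The records below are constructed sample data, not output from a real account, and the user names are assumptions.

```python
import json

# Constructed sample CloudTrail event records (not from a real account); the field
# names follow CloudTrail's record format, trimmed to the fields this script reads.
SAMPLE_EVENTS = [
    {"eventTime": "2023-03-01T10:15:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "us-west-1",
     "userIdentity": {"type": "IAMUser", "userName": "john"},
     "responseElements": {"instancesSet": {"items": [{"instanceId": "i-0aaa111"}]}}},
    {"eventTime": "2023-03-01T11:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "awsRegion": "us-west-1",
     "userIdentity": {"type": "IAMUser", "userName": "michael"}},
    {"eventTime": "2023-03-02T09:30:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "us-west-1",
     "userIdentity": {"type": "Root"},
     "responseElements": {"instancesSet": {"items": [{"instanceId": "i-0bbb222"},
                                                     {"instanceId": "i-0ccc333"}]}}},
]

def actor(event):
    """Who made the call. A Root identity carries no userName, so when the root
    password is shared the individual cannot be identified: that is Reason #1."""
    ident = event.get("userIdentity", {})
    if ident.get("type") == "Root":
        return "root (shared credentials, individual unknown)"
    return ident.get("userName", "unknown")

def events_for_user(events, username):
    """Same as Event history filtered by Lookup attribute 'User name'."""
    return [e for e in events
            if e.get("userIdentity", {}).get("userName") == username]

def instance_creators(events, region=None):
    """Map each instance ID launched via RunInstances to (actor, time, region).
    When a region is given, only events from that region are considered,
    matching the region selector in the CloudTrail console."""
    creators = {}
    for e in events:
        if e.get("eventName") != "RunInstances":
            continue
        if region and e.get("awsRegion") != region:
            continue
        items = e.get("responseElements", {}).get("instancesSet", {}).get("items", [])
        for item in items:
            creators[item["instanceId"]] = (actor(e), e["eventTime"], e["awsRegion"])
    return creators

if __name__ == "__main__":
    for e in events_for_user(SAMPLE_EVENTS, "john"):
        print(e["eventTime"], e["eventName"])
    print(json.dumps(instance_creators(SAMPLE_EVENTS, "us-west-1"), indent=2))
```

The root-launched instances come back without a person attached, which is exactly why the post recommends one IAM user per developer.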
How to delete an IAM user
Step 1: Click on the search bar and type IAM
Step 2: In the IAM dashboard click on users in the left sidebar
Step 3: Now select the user you want to delete and in the top right corner click on delete.
In this blog post, we learned about IAM. For more exciting blogs related to AWS subscribe to our newsletter!
Thank you for reading
If you would like to learn more by watching a video, I have created one for you.