Understanding IAM in AWS: A Beginner-Friendly Guide

 Raees Qazi | DevOps Engineer | Learner | Mentor | Creator | Briller Technologies

When you create an AWS account, a Root User is automatically generated. This user has full administrative control over your AWS account and can access all services. However, using the Root User for daily tasks is a security risk. This is where IAM (Identity and Access Management) comes in.

Press enter or click to view image in full size

What is IAM?

IAM (Identity and Access Management) is a security service in AWS that helps manage user access and permissions. It ensures that only authorized users can perform specific actions on AWS resources.

IAM can be broken down as follows:

  • I (Identity): Who is accessing AWS?
  • A (Access): What level of permissions do they have?
  • M (Management): How are permissions controlled and monitored?

With IAM, you can create users, assign permissions, and restrict access based on your requirements. For example, if you want a user to create EC2 instances but not access other services, IAM allows you to enforce this restriction.

Security Best Practices for IAM

To secure your AWS account, follow these key recommendations:

  1. Enable Multi-Factor Authentication (MFA) for the Root User — This adds an extra layer of security by requiring an OTP.
  2. Avoid Using the Root User for Daily Operations — Instead, create IAM users with appropriate permissions.
  3. Do Not Use Active Access Keys for the Root User — Access keys (such as SSH keys and tokens) should be managed through IAM roles and users.

Key IAM Components

IAM consists of several important elements:

1. Identity Providers

IAM allows third-party services like GitHub, Jira, and GitLab to authenticate users. You can also use Identity Providers to allow access between AWS accounts for seamless migration.

2. Policies

Policies define permissions in AWS. For example, if you want a user to only create EC2 instances, you can attach an EC2-specific policy to their IAM profile.

3. Users

IAM Users are individual accounts created under AWS. Each user has specific permissions based on assigned policies.

How to Create an IAM User:

  1. Navigate to IAM > Users.
  2. Click Create User.
  3. Enter a username (e.g., raeesqazi).
  4. Select AWS Management Console Access.
  5. Choose Custom or Auto-generated Password.
  6. Require the user to change their password on first login (recommended).
  7. Set permissions by either:
  • Adding to a user group
  • Copying permissions from another user
  • Attaching a policy directly

8. Click Create User.

9. The user receives an email with login credentials.

4. Groups

IAM Groups allow you to manage permissions for multiple users at once. Instead of assigning policies to each user individually, you can assign them to a group.

How to Create an IAM Group:

  1. Navigate to IAM > Groups.
  2. Click Create Group.
  3. Enter a group name (e.g., DevOps).
  4. Attach policies (e.g., EC2 Full Access).
  5. Click Create Group.
  6. Add users to the group — they automatically inherit the group’s permissions.

5. Roles

IAM Roles allow users or AWS services to assume specific permissions.

Example Use Case:

  • A developer has access to EC2 but not to an RDS database.
  • You can create a role that grants specific permissions to modify data in RDS but prevents deletions.
  • The developer can assume this role to work on the database without gaining full access.

Conclusion

IAM is a powerful tool that enhances security and access control in AWS. By following best practices, creating users with appropriate permissions, and using roles and groups effectively, you can manage your AWS environment securely.

If you found this guide helpful, share it with others and keep learning about AWS security!

Comments

Post a Comment

Popular posts from this blog

📘 Understanding Prometheus in a Simple Way-Part 3 (For DevOps Beginners)

Image
 In our previous blogs, we have already covered: How to launch an EC2 instance (Link: https://medium.com/@raeesyaqubqazi/prometheus-and-grafana-project-part-1-by-raees-yaqoob-qazi-12eb5c431350 ) How to run our Notes App inside a Docker container (Link: https://medium.com/@raeesyaqubqazi/prometheus-and-grafana-project-part-1-by-raees-yaqoob-qazi-12eb5c431350 ) How to install cAdvisor to collect container-level metrics (Link: https://medium.com/@raeesyaqubqazi/monitoring-containers-with-cadvisor-part-2-of-my-previous-blog-series-cec2452b1ba5 ) Today, we will move one step ahead and learn Prometheus , which will collect the metrics generated by cAdvisor. 🔍 What Is Prometheus? Before understanding Prometheus, let’s talk about how data is stored in databases . ✔️ Relational Databases (MySQL, PostgreSQL) Data is stored in rows and columns  — like an Excel sheet. ✔️ Prometheus (TSDB — Time Series Database) Prometheus does NOT store data in tables.  It stores data in Time Series fo...
Read more

Grafana Setup & Dashboard Creation (Part-5)— Explained by Raees Yaqoob Qazi

Image
 Today, I’m going to talk about Grafana . Grafana is a powerful tool used to create dashboards and visualize data . As DevOps engineers, monitoring is very important, and Grafana makes it easy to understand system performance. Part-1:  https://brillertechnologies.blogspot.com/2025/11/prometheus-and-grafana-projectpart-1-by.html Part 2:  https://brillertechnologies.blogspot.com/2025/11/monitoring-containers-with-cadvisorpart.html Part 3:  https://brillertechnologies.blogspot.com/2025/12/understanding-prometheus-in-simple-way.html Part 4: https://brillertechnologies.blogspot.com/2025/12/understanding-prometheusmonitoring-made.html 1. Running Grafana Using Docker Compose First, I use Docker Compose to run Grafana. Open your docker-compose.yml file: vim docker-compose. yml Add the Grafana service: grafana: image: grafana/grafana-enterprise container_name: grafana restart: unless-stopped ports: - "3000:3000" Save and exit with:   :wq Then run: d...
Read more

My First Python Program: A Simple Calculator

Image
 Today, I am going to create a simple calculator using Python . This might be your first code ever , and honestly, this is also my first Python code . So don’t worry — we are learning together. Let’s start step by step. Step 1: Open VS Code First, open Visual Studio Code (VS Code) . Step 2: Create a Folder and a File Create a new folder (you can name it anything). Inside the folder, create a new file. In my case, I named the file first.py . 👉  .py is the file extension for Python , just like: .cpp for C++ .java for Java Step 3: Write the Python Code Now, write the following code in first.py : num1 = float ( input ( "Enter num 1: " ) ) # Taking first number from the user num2 = float ( input ( "Enter num 2: " ) ) # Taking second number from the user opr = input ( "Enter operator: " ) # User selects the operator (+, -, *) if opr = = "+" : # If operator is + output = num1 + num2 if opr = = "-" : # If operator is - ...
Read more