This page is under regular updates. Please check back later for more content.
Identity and Access Management (IAM)

IAM (Identity and Access Management) in AWS

IAM (Identity and Access Management) allows for both authentication and authorization in your AWS account.

  • Authentication: Proving an identity.
  • Authorization: Determining permissions to perform actions.
  • IAM is designed primarily for identity-based access control and supports cross-account behavior.

AWS Service API Endpoint

  • Everything in AWS is API driven - All the task and actions performed within AWS is executed using API endpoint.
  • API endpoints are regional (except few such as Route53 and Cloudfront).
  • All Service API endpoint require permission and credentials.

Ways to Interact with AWS Service API Endpoint

There multiple ways to interact with AWS such as -

  • AWS Console - Using username and password
  • AWS CLI (Command Line Interface) - It uses API keys, can also be used for autmation as well.
  • AWS SDK (Software Development Key) - SDK also use API keys.

AWS Console

  • The AWS console is often the easiest way for users to interact with AWS services.
  • It’s beneficial for beginners to learn about services.

Advantages of the AWS Console

  • Current Features and Interfaces: Provides access to the latest features and user interfaces.
  • Combined Actions: Allows users to perform multiple actions through a single operation (e.g., creating an Elastic Load Balancer through a wizard).
  • User Guidance: Offers suggestions for required fields and provides error codes when something goes wrong.

Disadvantages of the AWS Console

  • Automation Challenges:
    • Cannot automate tasks while using the console.
    • Frequent UI changes make it hard to rely on a consistent layout.
  • Scalability Issues:
    • Launching many resources (e.g., 100 EC2 instances) requires excessive manual clicks.
  • Human Error:
    • Involves risk of mistakes due to manual input.
  • Frequent UI Changes:
    • AWS regularly updates its UI, which can lead to confusion for users.

AWS CLI (Command Line Interface)

Overview of the AWS CLI

  • It is a way to access the AWS services and interact with them in more flexible way using commands only.
  • Can be downloaded or installed as a package.
  • Unified command structure under a single executable (aws).

Command Structure

aws [options] <command> <subcommand>

  1. General Options: Specify region, output format, filtering, and sorting options.
  2. Command: Corresponds to a specific AWS service API (e.g., EC2, S3, RDS).
    • Note: Not all services have unique command names (e.g., VPC operations are under EC2).
  3. Sub Commands: Specify actions related to a command (e.g., run-instances for launching EC2 instances).
  4. Parameters: Detailed options associated with commands and sub commands.

AWS SDK

  • AWS SDKs (Software Development Kits) are libraries that simplify interaction with AWS services.
  • They provide a consistent interface across different programming languages
  • Have integerated authentication support.
  • Replaces AWS API calls.