IAM (Identity and Access Management) in AWS
IAM (Identity and Access Management) allows for both authentication and authorization in your AWS account.
- Authentication: Proving an identity.
- Authorization: Determining permissions to perform actions.
- IAM is designed primarily for identity-based access control and supports cross-account behavior.
AWS Service API Endpoint
- Everything in AWS is API driven: every task and action performed within AWS is executed through an API endpoint.
- API endpoints are regional (except a few, such as Route 53 and CloudFront).
- All service API endpoints require permissions and credentials.
Ways to Interact with AWS Service API Endpoint
There are multiple ways to interact with AWS, such as:
- AWS Console - Uses a username and password.
- AWS CLI (Command Line Interface) - Uses API keys; can also be used for automation.
- AWS SDK (Software Development Kit) - The SDKs also use API keys.
AWS Console
- The AWS console is often the easiest way for users to interact with AWS services.
- It’s beneficial for beginners to learn about services.
Advantages of the AWS Console
- Current Features and Interfaces: Provides access to the latest features and user interfaces.
- Combined Actions: Allows users to perform multiple actions through a single operation (e.g., creating an Elastic Load Balancer through a wizard).
- User Guidance: Offers suggestions for required fields and provides error codes when something goes wrong.
Disadvantages of the AWS Console
- Automation Challenges:
  - Cannot automate tasks while using the console.
  - Frequent UI changes make it hard to rely on a consistent layout.
- Scalability Issues:
  - Launching many resources (e.g., 100 EC2 instances) requires excessive manual clicks.
- Human Error:
  - Involves risk of mistakes due to manual input.
- Frequent UI Changes:
  - AWS regularly updates its UI, which can lead to confusion for users.
AWS CLI (Command Line Interface)
Overview of the AWS CLI
- It is a way to access AWS services and interact with them more flexibly, using only commands.
- Can be downloaded or installed as a package.
- Unified command structure under a single executable (aws).
Command Structure
aws [options] <command> <subcommand>
- General Options: Specify region, output format, filtering, and sorting options.
- Command: Corresponds to a specific AWS service API (e.g., EC2, S3, RDS).
  - Note: Not all services have unique command names (e.g., VPC operations are under EC2).
- Sub Commands: Specify actions related to a command (e.g., run-instances for launching EC2 instances).
- Parameters: Detailed options associated with commands and sub commands.
AWS SDK
- AWS SDKs (Software Development Kits) are libraries that simplify interaction with AWS services.
- They provide a consistent interface across different programming languages.
- Have integrated authentication support.
- Replace hand-written AWS API calls with library calls.
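
What "uses API keys" and "integrated authentication support" amount to on the wire: the CLI and SDKs sign each request with Signature Version 4, scoped to a date, region and service, and send the signature instead of the secret key. The sketch below is an added example, not code from these notes or from AWS; the keys are AWS documentation placeholders, and the fixed clock, the sample request and the service.region.amazonaws.com host pattern are assumptions for illustration.

```python
import hashlib
import hmac
from datetime import datetime, timezone

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def signing_key(secret: str, date: str, region: str, service: str) -> bytes:
    # Derived per day, per region, per service, so the long-term secret
    # itself is never sent and a signature is only valid in that scope.
    key = _hmac(("AWS4" + secret).encode(), date)
    for part in (region, service, "aws4_request"):
        key = _hmac(key, part)
    return key

def sign_request(access_key, secret, region, service, method, path, query, body, now):
    """Return the headers a SigV4-signed request carries.
    `query` must already be in canonical form (sorted, URL-encoded)."""
    host = f"{service}.{region}.amazonaws.com"  # assumed regional endpoint pattern
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date = amz_date[:8]
    signed_headers = "host;x-amz-date"
    canonical_request = "\n".join([
        method, path, query,
        f"host:{host}\nx-amz-date:{amz_date}\n",  # canonical headers
        signed_headers,
        hashlib.sha256(body).hexdigest(),          # payload hash
    ])
    scope = f"{date}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    key = signing_key(secret, date, region, service)
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    return {
        "Host": host,
        "X-Amz-Date": amz_date,
        "Authorization": f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                         f"SignedHeaders={signed_headers}, Signature={signature}",
    }

if __name__ == "__main__":
    # Constructed sample input: AWS documentation placeholder keys, fixed clock.
    now = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    for region in ("us-east-1", "eu-west-1"):
        h = sign_request("AKIAIOSFODNN7EXAMPLE", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
                         region, "ec2", "GET", "/",
                         "Action=DescribeRegions&Version=2016-11-15", b"", now)
        print(h["Host"], h["Authorization"][-64:])
```

The two regions print different signatures for the same request and keys, which is why a captured Authorization header cannot be replayed against another regional endpoint.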