Cheat Sheet #day13 - AWS IAM

AWS IAM Cheat Sheet

AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. This cheat sheet covers key concepts, commands, and tips to help you navigate and utilize AWS IAM effectively.

Key Concepts

• Users: Individual identities with long-term credentials.

• Groups: Collections of users that share permissions.

• Roles: Identities with permissions to access AWS resources, assumed by users, applications, or services.

• Policies: JSON documents defining permissions to access AWS resources.

Common Commands

User Management

• Create User:

    aws iam create-user --user-name USERNAME
  

• List Users:

    aws iam list-users
  

• Delete User:

    aws iam delete-user --user-name USERNAME
  

Group Management

• Create Group:

    aws iam create-group --group-name GROUPNAME
  

• Add User to Group:

    aws iam add-user-to-group --user-name USERNAME --group-name GROUPNAME
  

• Remove User from Group:

    aws iam remove-user-from-group --user-name USERNAME --group-name GROUPNAME
  

• Delete Group:

    aws iam delete-group --group-name GROUPNAME
  

Role Management

• Create Role:

    aws iam create-role --role-name ROLENAME --assume-role-policy-document file://trust-policy.json
  

• Attach Policy to Role:

    aws iam attach-role-policy --role-name ROLENAME --policy-arn POLICY_ARN
  

• Delete Role:

    aws iam delete-role --role-name ROLENAME
  

Policy Management

• Create Policy:

    aws iam create-policy --policy-name POLICYNAME --policy-document file://policy.json
  

• Attach Policy to User:

    aws iam attach-user-policy --user-name USERNAME --policy-arn POLICY_ARN
  

• Detach Policy from User:

    aws iam detach-user-policy --user-name USERNAME --policy-arn POLICY_ARN
  

• Delete Policy:

    aws iam delete-policy --policy-arn POLICY_ARN
  

Policy Examples

Allow Full S3 Access

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "*"
    }
  ]
}

Allow EC2 Read-Only Access

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:Describe*"
      ],
      "Resource": "*"
    }
  ]
}

Best Practices

• Use Groups to Assign Permissions: Assign permissions to groups rather than individual users to simplify management.

• Least Privilege Principle: Grant only the permissions necessary for users to perform their tasks.

• Enable MFA: Use Multi-Factor Authentication for additional security.

• Rotate Credentials Regularly: Regularly rotate access keys and passwords to minimize risk.

• Monitor IAM Activity: Use AWS CloudTrail to log and monitor IAM activities.

Useful Tips

• IAM Policies: Policies can be attached to users, groups, or roles to manage permissions.

• AssumeRole: Use the sts:AssumeRole API for cross-account access.

• Policy Simulator: Use the IAM Policy Simulator to test and troubleshoot policies.

By following this cheat sheet, you can effectively manage AWS IAM resources and ensure secure access to your AWS environment.