Amazon VPC (Virtual Private Cloud) and IAM:
What is a virtual private cloud?
VPC lets us launch AWS resources into a virtual network that we define.
This virtual network closely resembles a traditional network that an organization would operate in its own data center.
Later we will discuss another AWS service, EBS, which stands for Elastic Block Store.
IAM (Identity and Access Management) is one of the critical services of AWS. The reason it is so essential is that, before IAM existed, sharing passwords and other credentials with users was not safe. Can you imagine that it is safe to share passwords and certificates over the phone or by email? The answer is no, because there is always a chance that some other person will also obtain those credentials and misuse them. Once AWS launched the IAM service, it became straightforward to give a user their own access keys or password, which is both safer and easier than passing the account's credentials around.
AWS IAM minimizes the chance of some other person obtaining passwords or security keys. IAM is also used to grant permissions to users. As we know, different people have different roles in an organization. With IAM, an organization can centrally manage its users, their access keys and their permissions, which together control access to AWS resources. IAM is the AWS service used to define users, roles and their permissions. We can grant different users different permissions: for example, managers can be given broader access to the AWS platform while employees are given less. All of this is controlled within a single AWS account, which is the organization's primary account.
Organizations use IAM to create multiple users, each with their own security credentials. It allows each user to do only what they must do as part of their job. In IAM, a role is similar to a user: it is an identity with permission policies that determine what it can and cannot do. The difference lies in credentials: a role does not have any long-term credentials of its own, such as a password or access keys.
Workflow of IAM:
The workflow of the IAM service consists of six steps: principal, authentication, request, authorization, actions and resources.
Principal:
The first step of the workflow is the principal.
A principal is a person or application that can request an action or operation on an AWS resource. A principal can be a user or a role, and it can only act on AWS resources. Access can also be granted to an application so that it can use the AWS account.
Authentication:
The second step of the workflow is authentication. A principal must be authenticated, that is, signed in, before it can send a request to AWS. A user signs in to the console with their credentials; requests made through the API or the AWS CLI are signed with the user's keys, so it is essential to provide an access key and a secret key.
Request:
The third step of the workflow is the request. When the principal uses the AWS console, the AWS CLI or an API operation, it sends a request to AWS. The request includes the actions the principal wishes to perform and the resources on which the principal wants to perform them.
Authorization:
The fourth step of the workflow is authorization. During authorization, IAM uses the values in the request and decides whether to allow or deny it, based on the policies attached to the user. In IAM, by default, all requests are denied. If the root user attaches a permission policy that allows the request, this overrides the default, and the user can use that particular resource or feature. The root user can grant permissions because, by default, the AWS account's root user has access to all resources in the account. Any other user who wants access to a resource must be granted that authorization.
Action:
The fifth step of the workflow is the action. After users are signed in and authorized by the root user, they can take the actions or perform the operations they have been granted. Users can create new resources or modify existing resources by editing or deleting them. For a user to be able to act, the required action must be included in the policy.
Resources:
The sixth and last step of the workflow is the resource. The user's actions are performed on resources. A resource can be understood as an object within a service.
Examples of resources are an Amazon EC2 instance or an Amazon S3 bucket.
So this is how the workflow works in IAM.
Features of IAM:
• The first feature of IAM is centralized control of the AWS account. One can handle operations such as creating, rotating and revoking users' security credentials. One can also control what information in the AWS console users can access and how they get access to it.
• The second feature of IAM is shared access. Shared access to an AWS account means users can share resources for joint projects without sharing the account's credentials.
• The third feature of IAM is granular permissions. A user can be granted access to some services and denied access to others; the permissions define which services a user can use and which they cannot.
• The fourth feature of IAM is multi-factor authentication. This AWS feature provides more security for the account. It works as an extra layer on top of the username and password. It is recommended to use multi-factor authentication to protect your account: when signing in to the console, the user must enter a security code in addition to the username and password.
• The fifth feature of IAM is group-based permissions within the organization, meaning that users' access to AWS resources can be restricted by group. If a user is in the admin group, they receive only the permissions granted to that group.
• The sixth and last feature of IAM is network controls, meaning that access to AWS resources and data can be limited to requests coming from within the organization's corporate network.
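To make the workflow above concrete (authentication of a principal, then authorization against policies with the default deny) and to show the granular, group-based and multi-factor features in action, here is an added Python model of IAM request evaluation. It is an illustrative example written for this page, not AWS's own code: the policy documents, groups, users and keys are constructed, the helper names (authenticate, evaluate, handle_request) are hypothetical, and only the Bool condition operator is modelled. It goes slightly beyond the text in two places that are certain: an explicit Deny statement overrides any Allow, and the condition key aws:MultiFactorAuthPresent is how a real policy requires MFA for an action.

```python
"""Simplified model of the IAM request flow: authenticate a principal from its
access key, collect the policies attached to it and to its groups, then evaluate
the requested action. Constructed example for illustration; not AWS's own code."""
import hmac
from fnmatch import fnmatchcase

# Constructed policy documents, shaped like real IAM policy JSON (names are hypothetical).
ADMIN_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}
DEV_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["ec2:Describe*", "s3:GetObject"], "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}]}
MFA_ONLY_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "iam:DeleteUser", "Resource": "*",
     "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}]}

# Constructed group-based permissions and users; the keys are placeholders, not real credentials.
GROUPS = {"admins": [ADMIN_POLICY], "developers": [DEV_POLICY]}
USERS = {
    "alice": {"groups": ["admins"], "policies": [],
              "access_key": "EXAMPLEKEY-ALICE", "secret_key": "example-secret-alice"},
    "bob": {"groups": ["developers"], "policies": [MFA_ONLY_POLICY],
            "access_key": "EXAMPLEKEY-BOB", "secret_key": "example-secret-bob"},
}


def authenticate(access_key, secret_key):
    """Step 2: map an access key pair to a principal name, or None if it is invalid.
    compare_digest keeps the comparison time independent of where the secrets differ."""
    for name, user in USERS.items():
        if user["access_key"] == access_key and hmac.compare_digest(
                user["secret_key"], secret_key):
            return name
    return None


def _matches(patterns, value, case_sensitive):
    """IAM-style wildcard match; action names are case-insensitive, resource ARNs are not."""
    if isinstance(patterns, str):
        patterns = [patterns]
    if not case_sensitive:
        value, patterns = value.lower(), [p.lower() for p in patterns]
    return any(fnmatchcase(value, p) for p in patterns)


def _condition_met(condition, context):
    """Only the Bool operator is modelled, which is enough for the MFA condition key."""
    for operator, pairs in condition.items():
        if operator != "Bool":
            raise NotImplementedError(operator)
        for key, expected in pairs.items():
            # A context key that is absent never satisfies a Bool condition.
            if str(context.get(key, "false")).lower() != expected.lower():
                return False
    return True


def policies_for(principal):
    """Effective policies: the user's own plus those of every group it belongs to."""
    user = USERS[principal]
    return list(user["policies"]) + [p for g in user["groups"] for p in GROUPS[g]]


def evaluate(principal, action, resource, context=None):
    """Step 4: implicit deny by default; a matching Allow overrides it; a matching Deny is final."""
    context = context or {}
    decision = "Deny"
    for policy in policies_for(principal):
        for statement in policy["Statement"]:
            if not _matches(statement["Action"], action, case_sensitive=False):
                continue
            if not _matches(statement["Resource"], resource, case_sensitive=True):
                continue
            if not _condition_met(statement.get("Condition", {}), context):
                continue
            if statement["Effect"] == "Deny":
                return "Deny"
            decision = "Allow"
    return decision


def handle_request(access_key, secret_key, action, resource, mfa_present=False):
    """Steps 1 to 4 end to end: a request that fails authentication is denied outright."""
    principal = authenticate(access_key, secret_key)
    if principal is None:
        return "Deny"
    context = {"aws:MultiFactorAuthPresent": "true" if mfa_present else "false"}
    return evaluate(principal, action, resource, context)


if __name__ == "__main__":
    bucket = "arn:aws:s3:::example-bucket"
    user_arn = "arn:aws:iam::123456789012:user/carol"
    print("alice DeleteBucket:", handle_request("EXAMPLEKEY-ALICE", "example-secret-alice", "s3:DeleteBucket", bucket))
    print("bob DeleteBucket:  ", handle_request("EXAMPLEKEY-BOB", "example-secret-bob", "s3:DeleteBucket", bucket))
    print("bob DeleteUser, no MFA:", handle_request("EXAMPLEKEY-BOB", "example-secret-bob", "iam:DeleteUser", user_arn))
    print("bob DeleteUser, MFA:   ", handle_request("EXAMPLEKEY-BOB", "example-secret-bob", "iam:DeleteUser", user_arn, mfa_present=True))
```

Running the module shows the three outcomes the text describes: the admin group's Allow on everything lets alice delete the bucket, bob's developer policy explicitly denies the same action even though another statement could have allowed it, and bob's own iam:DeleteUser permission is only honoured when the request carries MFA. A wrong secret key never reaches the policy evaluation at all.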