Day 12 | AWS IAM: The Backbone of AWS Security
Source: Dev.to
What is IAM?
IAM (Identity and Access Management) is the security system of AWS.
It decides who can access what in your AWS account.
Think of IAM like a security guard:
- Users → People who need access
- Roles → Permissions for AWS services (EC2, Lambda, GitHub Actions, Terraform)
- Policies → Rules that say what actions are allowed
- Groups → Team permissions
How to Use IAM (Step-by-Step Guide)
1. Create IAM Users (for people)
Use users for human access, not automation.
Steps
- Go to AWS Console → IAM → Users
- Click Create user
- Provide a name (e.g., devops-user)
- Attach permissions (Admin or custom)
- Create login credentials
- Enable MFA (very important!)
Purpose: Logging into AWS as a person.
2. Create Groups (for teams)
Groups help give the same permissions to multiple users.
Examples
- DevOps-Team
- Developers
- Admin-Team
Steps
- IAM → User groups → Create group
- Attach common policies
- Add users to the group
3. Create IAM Roles (for AWS services)
Roles are used by machines, not humans.
Examples
- EC2 instance role
- Lambda execution role
- GitHub Actions OIDC role
- Jenkins role
- Terraform role
Steps
- IAM → Roles → Create role
- Choose a service (EC2, Lambda, etc.)
- Attach policies (S3, EC2, CloudWatch, ...)
- Attach the role to the service
Use Cases
- EC2 can read S3 objects using a role
- GitHub Actions deploys to AWS using a role (no access keys)
4. Attach Policies (Permissions)
A policy is a JSON document that defines allowed actions.
Example Policy
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::mybucket/*"
    }
  ]
}
```
Steps
- IAM → Policies → Create policy
- Attach the policy to a user, group, or role
5. Enable MFA (for security)
MFA adds strong protection during login.
Steps
- IAM → Users → Your user → Security credentials
- Click Assign MFA device
- Scan the QR code with Google Authenticator / Authy
- Finish the setup
6. Use IAM Access Analyzer
IAM Access Analyzer identifies security risks such as public S3 buckets or over-permissive policies.
Steps
- IAM → Access Analyzer
- Enable an analyzer
- Review findings
- Fix over-permissive policies
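To make the policy structure from step 4 and the "over-permissive" findings from step 6 concrete, here is a small added example (not from the original post) that parses an IAM policy document and flags the patterns Access Analyzer would also surface: wildcard actions, wildcard resources, and a wildcard principal. The sample policies are constructed inline; `find_policy_findings` is a hypothetical helper, not an AWS API.

```python
"""Minimal IAM policy checker for over-permissive Allow statements.
Added example; the policy JSON below is constructed for illustration."""
import json


def _as_list(value):
    """IAM accepts either a string or a list for Action/Resource/Principal."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_policy_findings(policy_json: str) -> list[str]:
    """Return one human-readable finding per risky pattern in each Allow statement."""
    policy = json.loads(policy_json)
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only restrict access, never widen it
        sid = stmt.get("Sid", f"Statement[{i}]")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if "*" in actions:
            findings.append(f"{sid}: allows every action (Action: *)")
        elif any(a.endswith(":*") for a in actions):
            findings.append(f"{sid}: allows all actions of a service ({actions})")
        if "*" in resources:
            findings.append(f"{sid}: applies to every resource (Resource: *)")
        # On a bucket or trust policy, a wildcard principal is what makes it public
        principal = stmt.get("Principal")
        if principal == "*" or principal == {"AWS": "*"}:
            findings.append(f"{sid}: trusts any principal (Principal: *)")
    return findings


# Constructed samples: the scoped policy from step 4 next to an admin-style one
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::mybucket/*"}]})
OVERLY_BROAD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AdminAll", "Effect": "Allow", "Action": "*", "Resource": "*"}]})

if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED), ("overly broad", OVERLY_BROAD)):
        print(name, "->", find_policy_findings(doc) or "no findings")
```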
Where IAM is Used in DevOps
| Task | IAM Required? | Example |
|---|---|---|
| CI/CD (GitHub Actions) | Yes | Role with OIDC |
| Terraform | Yes | IAM Role with policies |
| EC2 Logging | Yes | CloudWatch role |
| S3 Artifacts | Yes | S3 access policy |
| EKS | Yes | IAM roles for Kubernetes |
| Jenkins Deployment | Yes | IAM user / role |
| Monitoring | Yes | CloudWatch permissions |