Introduction
In the realm of secure system management, Identity and Access Management (IAM) plays a pivotal role, encompassing two crucial aspects: authentication and authorization. While authentication verifies user identity, authorization determines user access rights. This presentation delves into the significance of IAM, particularly focusing on the implications of utilizing a root user account.
Section 1. Understanding Authentication and Authorization
Authentication: This process involves verifying the identity of users attempting to access a system. It ensures that users are who they claim to be through various authentication factors, such as passwords, biometrics, or security tokens.
Authorization: Once a user's identity is confirmed, authorization comes into play. It determines the level of access and actions a user is allowed within the system. Proper authorization guarantees that users can only interact with resources they are permitted to use.
Section 2. Exploring the Root User Account
Role of the Root User: The root user account holds the highest level of authority within a system. It possesses the ability to perform any action, making it an extremely powerful entity. Root user privileges grant unrestricted control over the system's configuration and data.
Security Implications: Entrusting the root user credentials to anyone grants them unfettered access to your system. This unparalleled control could lead to catastrophic consequences if exploited. Hence, it is strongly advised to exercise caution when using the root user account.
The Best approach is to create an IAM user and use the IAM user for day-to-day activities.
Moving forward, let's create an IAM Group. Why IAM Group?
We might have hundreds of IAM Users, but we don’t want to manage permissions for them individually. That’s where we would create an IAM Group. After creating the group, we will create IAM User, and we would make it part of the above newly created IAM Group.
Let’s get started.
Create an IAM Group
Before creating the IAM Group, we will need to login into a management console.
There is a wide variety of things we can do in the management console.
For eg., if you want to see the list of services in the US, you can click the view all services as shown below.
![aws HOME]()
Over here, we can see the list of services that are present under different categories in the US.
Now, search for the IAM as shown below,
![awsservice]()
Let's click on IAM.
On the IAM page, we can create users, we can create groups, and we can also manage permission for resources.
Select User Groups under the Access Management menu and click on Create Group button, as shown in fig.
![creategroup]()
In Create use group, I have given details below.
![usergeroup]()
![permission]()
We are creating a developers group with administrator access, and we can proceed to click on Create Group button as shown in the above figure.
![accessmanagement]()
At the moment, we don’t have any users that are assigned to this newly created group. So, let's create a user.
Select Access Management -> Users in the left menu pane and click on Add users.
![accessUser]()
To create a user page, fill up all the necessary data as shown below
![userdetails]()
There are multiple ways we can give permission to the user we have created. As shown below fig,
- We can add users to the group.
- We can copy permission from existing users.
- We can attach existing policies directly.
![setPermission]()
The recommended way is to always go with Add user to a group (point 1 in the above).
In order to give access to our new user, we just need to check the checkbox shown below.
![devpermission]()
On the Next page, we can review the details and proceed to Create user button
![review]()
Great, we have created a user successfully, as shown below.
![userSuccess]()
Now go back to IAM Dashboard (Simply search IAM in the top search box). In this dashboard, we can view the IAM resources web part, as shown below.
![dashboard]()
Now we have 2 types of users, Root User & IAM User!
Currently, we logged in with the root user, so log out of the root user and log in with the IAM User account.
To log in with an IAM User account, there is a sign-in URL in the above screenshot. Open that URL now.
![signIN]()
At the top right corner, we should see premteam_dev. So we are now logged in with the IAM User.
Conclusion
In the realm of IAM, the concepts of authentication & authorization are pivotal for ensuring system security. While authentication validates user identity, authorization governs user access.
The root user, with its unparalleled authority, demands careful handling to prevent potential misuse. By following best practices and exercising caution, companies can bolster their system’s security and safeguard their valuable data and resources.