Security solutions built for the cloud can offer businesses advantages over legacy on-premises security solutions. Legacy security approaches also require a significant upfront investment of money and time. Security solutions used in cloud computing should be fast and should adapt quickly to ever-changing industry requirements. On that note, it is advisable to follow certain security recommendations for the AWS IAM service to ensure controlled access and effective privacy for your resources in AWS.
What is AWS IAM?
AWS IAM is a web service that lets you securely control access to your AWS resources. IAM is used to control who is authenticated (signed in) and who has permissions to use the resources in your cloud infrastructure. It is recommended to create IAM users according to the requirements of your cloud environment.
Why is it important to have IAM users in your AWS account?
When a user creates an AWS account for the first time, the account starts with a single sign-in identity that has access to all AWS resources and services. This identity is the AWS account root user. The root user can create multiple IAM roles which grant different sets of permissions to different users. For example, one user might need read-only permission, while another might require both read and write permissions.
In such scenarios, you can assign IAM roles to different IAM users, which gives you secure control over your resources and keeps them private for the different users in your cloud infrastructure. It is strongly recommended that you have IAM users with different sets of permissions for different users.
Centilytics provides a dedicated insight into IAM user status which specifies whether IAM users have been created for your account or not.
There are two possible scenarios:
| OK | This indication is displayed when the corresponding account has IAM users created. |
| Warning | This is displayed alongside accounts which do not have any IAM users. |
Descriptions of the other columns are as follows:
- Account-ID: This column shows the account ID of the user’s account.
- Account Name: This column shows the name of the user’s account.
| Account Id | Applying the account Id filter will display data for the selected account Id. |
| Compliance | Applying the compliance filter will display only those security checks which fall under the selected compliance. |
| Severity | Applying the severity filter will display resources according to the selected severity type, i.e. selecting critical will display all resources with critical severity. The same applies to the warning and ok severity types. |
| Resource Tags | Applying the resource tags filter will display those resources which have been assigned the selected resource tag. For example, a user has tagged some public snapshots with a resource tag named environment. Selecting environment from the resource tags filter will then display all resources tagged with the tag name environment. |
| Resource Tags Value | Applying the resource tags value filter will display data which has the selected resource tag value. For example, say a user has tagged some resources with a tag named environment and given it the value production (environment: production). The user can then view data for all the resources which have the “environment:production” tag assigned. The tag value filter can be used only when a tag name has been provided. |
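
One way to reproduce the IAM user status check described above, as an added example that is not Centilytics' own code: it classifies each account as OK or Warning from the `Users` count in the IAM `GetAccountSummary` response and applies the severity filter as a simple status match. The function names, the sample accounts and the use of the account alias as the account name are assumptions.

```python
"""Added example: classify accounts by whether any IAM users exist."""


def iam_user_status(summary_map):
    """Map an IAM GetAccountSummary 'SummaryMap' to the OK / Warning status."""
    if "Users" not in summary_map:
        # Fail loudly instead of reporting a misleading Warning on partial data.
        raise ValueError("SummaryMap has no 'Users' count; cannot evaluate")
    return "OK" if summary_map["Users"] > 0 else "Warning"


def evaluate_accounts(accounts, severity=None):
    """Build report rows; optionally keep only rows with the given status."""
    rows = [
        {"Account-ID": a["account_id"],
         "Account Name": a["account_name"],
         "Status": iam_user_status(a["summary_map"])}
        for a in accounts
    ]
    if severity is not None:
        rows = [r for r in rows if r["Status"].lower() == severity.lower()]
    return rows


def fetch_account(session):
    """Collect the same fields from a live account (needs boto3 and credentials)."""
    iam = session.client("iam")
    aliases = iam.list_account_aliases()["AccountAliases"]
    return {
        "account_id": session.client("sts").get_caller_identity()["Account"],
        # Assumption: the account alias stands in for the account name.
        "account_name": aliases[0] if aliases else "",
        "summary_map": iam.get_account_summary()["SummaryMap"],
    }


# Constructed sample data in the shape returned by fetch_account().
SAMPLE_ACCOUNTS = [
    {"account_id": "111111111111", "account_name": "example-prod",
     "summary_map": {"Users": 4, "Groups": 2, "Roles": 9}},
    {"account_id": "222222222222", "account_name": "example-sandbox",
     "summary_map": {"Users": 0, "Groups": 0, "Roles": 3}},
]

if __name__ == "__main__":
    for row in evaluate_accounts(SAMPLE_ACCOUNTS):
        print(row)
    # Live use: import boto3; evaluate_accounts([fetch_account(boto3.Session())])
```

Running `fetch_account` against a real account requires an identity allowed to call `iam:GetAccountSummary` and `iam:ListAccountAliases`.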