Takeaways from AWS IAM

Identity and access management is the most important as well as challenging component of the software system. The lack of proper identity and access management in our application may lead us to a software disaster be it in terms of security, application usage, or programming.

AWS has done a really impressive job in that aspect. AWS IAM is undoubtedly the major component of security AWS offers to its consumers. This blog focuses on the takeaways, we as developers can get from AWS IAM implementation.

Granular Access

We need to divide the services given by our application in such a way that each service needs to be assigned separate access controls for each user. To take a reference in AWS, the access controls provided to s3 will allow users to have access over s3 only and not over the secret manager.

Individual or Group Access

We should let the access controls be assigned in such a way that they can be either assigned to an individual or to a group.

User-defined or In-built Access Policies

Access control should be managed in terms of policies in such a way that policy determines the module, resource, level of access, and condition of access. Some of the system's in-built policies should be present for users to easily assign them. At the same time, admins should be able to create their own policies as per the organization's need.

Types of Access Controls

Access controls should be divided into view, edit, create and delete. Details on each control should depend on the type of module for which control is being defined.

Least privilege model

By default, any resource for any user should be denied. Only through the addition of users and policies to the system, accesses are provided to them.

These are some of the takeaways we can implement in our system. If you are thinking of more, feel free to share.