Sunday, September 4, 2022

Identity Access Management (IAM)

About Identity Access Management (IAM)


IAM is the AWS web service for securely controlling access to AWS resources. It lets you manage how users are authenticated and restrict the use of your AWS resources to a defined set of people, roles and applications.


How IAM works

  • Principal: an entity that can perform actions on an AWS resource. A user, a role or an application can be a principal.
  • Authentication: the process of confirming the identity of the principal that is trying to access an AWS service. The principal must present its credentials (password or access keys) to be authenticated.
  • Request: the principal sends a request to AWS that names the action it wants to perform and the resource the action should apply to.
  • Authorization: by default, every request is denied. IAM authorizes a request only if every part of it is allowed by a matching policy. Once the request is authenticated and authorized, AWS carries out the action.
  • Actions: the operations used to view, create, edit or delete a resource.


IAM Components

  • Users: An IAM user is an identity with credentials and permissions attached to it, typically representing an end user such as an employee of the organization.
  • Groups: A collection of IAM users is an IAM group. You can use IAM groups to specify permissions for multiple users at once: any permission applied to the group applies to every user in that group, so each user inherits the permissions of the group.
  • Roles: Roles are created and then assigned to AWS resources (such as EC2 instances) or assumed by entities. An IAM role is a set of permissions that defines which actions are allowed and denied for the entity that assumes it.
  • Policies: Policies are JSON documents, called policy documents, that grant permissions to users, groups or roles and define what those identities are able to do. An IAM policy sets permissions and controls access to AWS resources. A policy answers the following questions:
      • Who can access the resource
      • What actions that identity can take
      • Which AWS resources that identity can access
      • When the resource can be accessed
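A minimal evaluator for those four questions, written for this post as an added example (it is not AWS's own code and not part of the original post): it applies the rule from the section above (denied by default, allowed only by a matching Allow, any matching Deny wins) to a constructed S3 policy whose Condition answers the "when" question with a source-IP check. Only the IpAddress condition operator and the Action/Resource wildcards are modelled.

```python
import fnmatch
import ipaddress
import json

# Constructed sample policy (not from the page): read access to one bucket, only
# from a corporate address range, plus an explicit deny on object deletion.
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:ListBucket", "s3:GetObject"],
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
     "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
    {"Effect": "Deny",
     "Action": "s3:DeleteObject",
     "Resource": "arn:aws:s3:::example-bucket/*"}
  ]}""")

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _matches(patterns, value):
    # IAM treats * and ? in Action and Resource as wildcards
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))

def _condition_ok(cond, ctx):
    # Only the IpAddress operator is modelled; every listed condition must hold
    for op, keys in (cond or {}).items():
        if op != "IpAddress":
            return False  # unsupported operator: treat the statement as not matching
        for key, cidrs in keys.items():
            ip = ctx.get(key)
            if ip is None or not any(ipaddress.ip_address(ip) in ipaddress.ip_network(c)
                                     for c in _as_list(cidrs)):
                return False
    return True

def evaluate(policy, action, resource, context=None):
    """Decide one request as the text describes: denied by default, allowed only
    if a statement allows it, and any matching Deny overrides every Allow."""
    ctx = context or {}
    allowed = False
    for st in policy["Statement"]:
        if not (_matches(st.get("Action", []), action)
                and _matches(st.get("Resource", []), resource)
                and _condition_ok(st.get("Condition"), ctx)):
            continue
        if st["Effect"] == "Deny":
            return "Deny"  # explicit deny wins regardless of other statements
        allowed = True
    return "Allow" if allowed else "Deny"
```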


Identity Access Management (IAM) Features

  • Centralized control of your AWS account.
  • Shared access to your account: you can grant other people permission to administer and use resources in your AWS account without sharing your password or access keys.
  • Secured access to AWS resources: IAM can securely provide credentials to applications running on EC2 instances. These credentials give the application permission to use other AWS resources, for example S3 buckets and DynamoDB tables.
  • Granular permissions: you can grant different permissions to different people for different resources.
  • Identity federation: if a user is already authenticated elsewhere, for example through a Facebook or Google account, IAM can be configured to trust that authentication and grant access based on it. This also lets users keep a single password for both on-premises and cloud environments.
  • Multi-factor authentication: IAM supports MFA, in which users provide their username and password plus a one-time password from their phone (a randomly generated number used as an additional authentication factor).
  • Temporary access for users, devices and services where necessary.
  • Password policies: IAM lets you define your own password rotation policy, reset or rotate passwords remotely, and set rules such as how a user must choose a password or how many attempts a user may make before being denied access.
  • Integration with many other AWS services.
  • PCI DSS (Payment Card Industry Data Security Standard) compliance: this is an information security standard for organizations that handle branded credit cards from the major card schemes, and IAM complies with it.
  • Free to use: there is no additional cost for IAM or for creating additional users, groups or policies.


References: https://docs.aws.amazon.com/

https://www.simplilearn.com/

Saturday, September 3, 2022

How to add a user in Linux

Adding a User in Linux


1. Log in as root


2. Use the useradd command followed by the name of the user:

useradd -m <username>

Example: useradd -m gauravkumar

Note: -m creates the user's home directory under /home.

Note: useradd adds an entry for the user to the /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow files.

To be able to log in as the newly created user, we need to set the user's password. Run the passwd command followed by the username:

sudo passwd username

We will be prompted to enter and confirm the password. Make sure it is a strong password.


3. Use su (switch user) followed by the name of the user we just added above:

su - gauravkumar

Note: the "-" makes su run the user's login profile, so all of the user's environment variables and aliases are available in the new shell.


4. Run the commands below. The last one opens the vi editor; paste the new user's public keys into it, then save and exit.

All of these commands must be run in the new user's home directory (/home/<username>):

mkdir .ssh
chmod 700 .ssh
cd .ssh
touch authorized_keys
chmod 600 authorized_keys
vi authorized_keys


5. Back in the home directory, review the user's group entry with vi /etc/group.

Check the authentication log with: tail -f /var/log/secure

When the new user logs in with their SSH key from their own environment, the related log entries appear here.
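The check a practitioner runs after step 4, written for this post as an added example (Python, not part of the original post): it verifies that the home directory, .ssh and authorized_keys have the ownership and the 700/600 modes set above, and that every key line has a recognised key type with intact base64 data, which catches a key that was wrapped across lines when pasted into vi. The key-type list and the constructed demo home are assumptions of this example.

```python
import base64
import os
import stat
import tempfile

# Key types recognised here (a subset of what sshd supports; assumption of this check)
KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256")

def check_ssh_setup(home, expect_uid=None):
    """Return a list of problems with <home>/.ssh/authorized_keys (empty means OK).
    Anything looser than the page's 700/600 is flagged; sshd's StrictModes itself
    refuses only files that are group/world-writable or owned by someone else."""
    uid = os.getuid() if expect_uid is None else expect_uid
    problems = []
    ssh_dir = os.path.join(home, ".ssh")
    keyfile = os.path.join(ssh_dir, "authorized_keys")
    for path, max_mode in ((home, 0o755), (ssh_dir, 0o700), (keyfile, 0o600)):
        if not os.path.exists(path):
            return problems + [f"missing: {path}"]
        st = os.stat(path)
        mode = stat.S_IMODE(st.st_mode)
        if mode & ~max_mode:  # any permission bit beyond what is allowed
            problems.append(f"{path}: mode {mode:o} looser than {max_mode:o}")
        if st.st_uid != uid:
            problems.append(f"{path}: owned by uid {st.st_uid}, expected {uid}")
    with open(keyfile) as f:
        for n, line in enumerate(f, 1):
            parts = line.split()
            if not parts or parts[0].startswith("#"):
                continue
            # options such as from="..." may precede the key type, so search for it
            idx = next((i for i, p in enumerate(parts) if p in KEY_TYPES), None)
            if idx is None or len(parts) <= idx + 1:
                problems.append(f"{keyfile}:{n}: no recognised key type")
                continue
            try:
                base64.b64decode(parts[idx + 1], validate=True)
            except ValueError:
                problems.append(f"{keyfile}:{n}: key data is not base64 (wrapped when pasted?)")
    return problems

def make_demo_home(ssh_mode=0o700, key_line=None):
    """Build a throwaway home with a constructed (not real) key so the check runs offline."""
    home = tempfile.mkdtemp()
    ssh_dir = os.path.join(home, ".ssh")
    os.mkdir(ssh_dir)
    fake_blob = base64.b64encode(b"\x00" * 36).decode()  # constructed key material
    with open(os.path.join(ssh_dir, "authorized_keys"), "w") as f:
        f.write((key_line or f"ssh-ed25519 {fake_blob} gauravkumar@example") + "\n")
    os.chmod(os.path.join(ssh_dir, "authorized_keys"), 0o600)
    os.chmod(ssh_dir, ssh_mode)
    os.chmod(home, 0o755)
    return home
```

On a real host, run it as root against /home/<username> with the user's UID from id -u so the ownership check is meaningful.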


Deleting a User From Linux


Use the userdel command followed by the name of the user.

Example: userdel gauravkumar

Note: the -r option makes userdel delete the user's home directory along with the user.


Example: userdel -r gauravkumar


Create a User with Specific Home Directory


The useradd command with the -m option creates the user's home directory under /home by default.

To create the user's home directory in another location, use the -d (--home) option.

Example: create a new user named gauravkumar with a home directory of /opt/gauravkumar:

sudo useradd -m -d /opt/gauravkumar gauravkumar


Create a User with Specific User ID 


Users are identified by a unique UID as well as a username. In Linux, the user identifier (UID) is a unique positive integer assigned to each user.

When a new user is created, the system assigns the next available UID from the range of user IDs specified in the login.defs file.

Use useradd with the -u (--uid) option to create a user with a specific UID.

For example, to create a new user named gauravkumar with a UID of 2022, run:


sudo useradd -u 2022 gauravkumar


We can check the user's UID with the id command:

id -u gauravkumar

Result: 2022
