Using the AWS Identity and Access Management Service
AWS just released a brand new service named the Identity and Access Management Service (IAM), intended to be the main way to manage all your users and their security credentials for AWS resources. You can set up groups and assign users to them. Each group or user can be assigned an Access Policy that determines the level of access granted to the AWS resources in your account. Each user has their own set of access keys, so you no longer have to share the same keys between users. Ylastic has integrated IAM and we are excited to release complete support for this new service. :-) Here is an overview of the IAM setup for our demo AWS account.
This overview displays all your groups and the users assigned to them. Users that do not have any access keys are displayed in red. Yep. This chart is automatically generated in Ylastic at the click of a button! The chart is color-coded to make it easy to quickly glean important info. Here are some of the groups and users mentioned in the chart.
You can assign and unassign users from groups easily.
Policies written in the Access Policy Language are the primary way to grant access to resources. You can assign a policy to either a group that contains users or to individual users. Here is a sample policy that gives access to only the RunInstances operation.
When a user that this access policy applies to makes an API call for any operation other than RunInstances, access is denied and an appropriate error message is returned.
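A policy of this kind, written out as an added example (constructed here, not taken from the original post or from Ylastic), together with a simplified Python model of how a call is checked against it. The `evaluate` function, its result labels and the second group policy are hypothetical; the model looks only at the Effect and Action fields and assumes resources and conditions are not in play.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample policy: grants only the EC2 RunInstances operation.
POLICY_JSON = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "ec2:RunInstances", "Resource": "*"}
  ]
}"""

# Constructed group policy, used to show an explicit Deny overriding an Allow.
GROUP_DENY_JSON = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Deny", "Action": "ec2:*", "Resource": "*"}
  ]
}"""


def as_list(value):
    """Policy fields may hold a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def evaluate(policies, action):
    """Simplified model (assumption, not the AWS engine): explicit Deny wins,
    then any matching Allow, otherwise the call is denied by default."""
    allowed = False
    for policy in policies:
        for stmt in as_list(policy["Statement"]):
            # Action names are matched case-insensitively; '*' is a wildcard.
            patterns = [p.lower() for p in as_list(stmt.get("Action", []))]
            if not any(fnmatchcase(action.lower(), p) for p in patterns):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"
            allowed = allowed or stmt["Effect"] == "Allow"
    return "Allow" if allowed else "ImplicitDeny"


if __name__ == "__main__":
    user_policy = json.loads(POLICY_JSON)
    group_policy = json.loads(GROUP_DENY_JSON)
    for call in ("ec2:RunInstances", "ec2:TerminateInstances", "s3:GetObject"):
        print(call, "->", evaluate([user_policy], call))
    # The same user placed in a group whose policy denies all EC2 actions.
    print("with group deny ->", evaluate([user_policy, group_policy], "ec2:RunInstances"))
```
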
Each user can have their own set of AWS access keys. You can easily enable and disable access keys for a user.
You can configure and manage all of these IAM resources from within Ylastic:
- Groups
- Group Policies
- Users
- User Policies
- User Access Keys
We are working on even more tools around IAM, including mobile access from your iPhone, Android or Blackberry. Simplify your cloud management!