What is IAM role authentication?
IAM is accessing securely controls the AWS resources using any format of language.
which means You can centrally manage permissions that control which AWS resources users can access.
Security Benefits of the IAM Role?
Data breaches
Malware
Phishing attacks
Identity theft
Unlawful
How Does IAM Works?
A user or an application uses their sign-in credentials to authenticate with AWS. Authentication is provided by the matching access to the AWS account authentication.
What policies are being enforced to control the level of access granted, and any other policies that might be in effect.
Let's see the different types of IAM Role authentication
1. IAM Role User
2. IAM Role STS [security token service]
3. IAM Role Instance profile
1. IAM Role User
Basically, IAM Role plays the role without an AWS actual account. For example, we have one AWS account. In that account we have a section IAM option, using that option we can create an IAM Role user.
Go to IAM ---- Create IAM User --- select any user group [which you already created with some permissions] --- Save
Once you save you can get the AWS access key and AWS secrete key, just note it down to use the feature reference authentication.
2. IAM Role STS
IAM Role STS belongs to the AWSStaticCredentialsProvider
also, it requires the assumed role to identify the specific role of ARN to authenticate the STS.
We need to create policies and roles in the IAM section, and based on that assumed role, need to link the ARN of the IAM User. Inputs should be the DB user, access key, secrete key and role ARN. Before connecting the database, it returns the temp access key, and secret key to authenticate the STS IAM Role authentication.
3. IAM Instance Profile
This was relying on instance profiling-based authentication, it requires the DefaultAWSCredentialsProviderChain , but we need to define which instance needs to communicate with this profile. Here we don't need the AWS access key and secrete key, only require ARN and DB users.
AWS IAM introduced the cross-account concept, which is accessible from the instance level, it's not required an access key or secret key. Because it will get the environment level or temp level on the instance level.
1. What is a Cross account in AWS IAM?
Cross Account is working between two different account setups. trust relationship with the IAM role to another account.
For example, if we have 2 different accounts. account A contains the Role A setup and policy setup. Account 2 contains the Role B setup and database access permission. Finally, we need to assign role A to the instance.
2. How Cross account works with AWS IAM?
2. How Cross account works with AWS IAM?
3. What is the difference between an IAM Single account and Cross Account?
- IAM single account required to access key and secret key, which we need to create each account user in the user's section.
- IAM Cross account doesn't require the account creation for each account.
- IAM single account maintains all the information in a single AWS account, which is not allowed for multiple access.
- IAM Cross account, we need to maintain two different accounts for all maintained access. For example, an Application instance running different accounts and the AWS database running on different at that time cross-account will help the access authentication
Social Plugin