Amazon AWS IAM

Within AWS, there are a few different options available for navigating to user authentication and authorization settings. Access to those options depends on user permissions, as well as on other options administrators may have previously configured. In many cases, an administrator may have used AWS Control Tower to configure a landing zone that aligns with the role- or job-based functions a user may need to access within a multi-account environment. Other options for navigating to organization-level authentication and authorization settings are in the dropdown for the login console, found in the top-right corner, as shown in Figure 3.1:

Figure 3.1 – Navigating to the Organization configuration settings

You may also use the left-side panel to navigate through the list of services and select the category of Security, Identity, & Compliance and the sub-level navigation option of IAM, as shown in Figure 3.2:

Figure 3.2 – AWS navigation to IAM configuration

Upon navigation to the AWS IAM console, you will find options for a dashboard as well as configuration options for areas such as Users, User groups, Identity providers, and password management settings, as seen in Figure 3.3. Direct navigation to the IAM console is also possible through https://console.aws.amazon.com/iam/. Reviewing the configuration settings here will provide insight into any external identity providers in use, how accounts may or may not be synchronized with other systems, which password policies are in place, whether users may be restricted from managing their own credentials, and whether MFA has been enabled. You should note that in AWS, MFA is enabled separately for root and IAM users. Enabling MFA for the root user does not impact the MFA settings for IAM users and vice versa, so special attention should be paid to this area:

Figure 3.3 – AWS IAM configurations

In addition to navigating through the browser to the AWS console and IAM functions, you can also use a command-line interface (CLI). You can access more information on installing and using the AWS CLI at https://aws.amazon.com/cli, and you can find command references specific to IAM at https://docs.aws.amazon.com/cli/latest/reference/iam/index.html.
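As an added example (not from the original text), the shell function below checks the point made earlier about root and IAM-user MFA being separate settings, using the IAM credential report that the AWS CLI can download. The function names audit_mfa and sample_report are hypothetical, and the sample report, account ID, and user names are constructed and carry only a subset of the report's columns.

```shell
#!/bin/sh
# Added example: flag missing MFA from an IAM credential report (CSV on stdin).
# With live credentials, the report would be fetched with:
#   aws iam generate-credential-report
#   aws iam get-credential-report --query Content --output text | base64 -d | audit_mfa

audit_mfa() {
  awk -F, '
    NR == 1 {
      # Locate columns by header name rather than by fixed position.
      for (i = 1; i <= NF; i++) col[$i] = i
      if (!("user" in col) || !("password_enabled" in col) || !("mfa_active" in col)) {
        print "ERROR: unexpected header" > "/dev/stderr"; bad = 1; exit
      }
      next
    }
    {
      user = $(col["user"]); pw = $(col["password_enabled"]); mfa = $(col["mfa_active"])
      if (user == "<root_account>") {
        # Root MFA is reported on its own row, independent of IAM users.
        if (mfa != "true") print "ROOT_NO_MFA " user
      } else if (pw == "true" && mfa != "true") {
        # IAM user with a console password but no MFA device.
        print "USER_NO_MFA " user
      }
    }
    END { if (bad) exit 2 }
  '
}

# Constructed sample: root has MFA, alice has a console password without MFA,
# bob has both, and ci-deploy has no console password at all.
sample_report() {
  cat <<'EOF'
user,arn,user_creation_time,password_enabled,mfa_active
<root_account>,arn:aws:iam::111122223333:root,2023-01-10T09:00:00+00:00,not_supported,true
alice,arn:aws:iam::111122223333:user/alice,2023-02-01T09:00:00+00:00,true,false
bob,arn:aws:iam::111122223333:user/bob,2023-02-01T09:00:00+00:00,true,true
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,2023-03-05T09:00:00+00:00,false,false
EOF
}

sample_report | audit_mfa
```

On the constructed sample, the root row passes while alice is still flagged, which is the case the separate root and IAM-user MFA settings make possible.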

Now that we have reviewed navigating to IAM configurations in Amazon AWS IAM, let’s look at navigating to IAM configuration options within Microsoft Azure.