IAM and Glacier

Glacier

SAIRAM MANDAPAKA
Jan 6, 2021

AWS Glacier is a highly secure, low-cost, and durable storage service. It is an economical solution for storing data that would remain forever but is rarely accessed.

It is an ideal choice for data backup and archiving, provides data security of the highest level, and offers flexibility in storing and retrieving data.

AWS Glacier provides features such as capacity planning, hardware provisioning, detecting and repairing hardware failures, data replication, and hardware migrations. Maintaining historical data can be difficult, as it adds to the administrative liability of managing and storing huge amounts of data.

When we preserve data in Amazon Glacier, it is stored in archives. An archive lets the user store a single file or a combination of several files. Archives are arranged in vaults, which can be accessed using the AWS IAM service.

Organizations tend to use AWS Glacier for the following use cases:

  1. Archiving off-site enterprise information.
  2. Backing up media assets.
  3. Storing research and scientific data.
  4. Preserving digital data.
  5. Replacing magnetic tapes.

Any individual object archived into Amazon Glacier, such as a document, video, or any other file, is referred to as an archive. Each archive has a unique ID assigned to it by AWS. The archives are stored in vaults, and a vault is addressed by a unique name assigned to it by its creator. We can create up to 1000 vaults in Amazon Glacier.

An AWS Glacier archive consists of three components:

  1. The Account ID of your AWS master account.
  2. The ID of the individual archive.
  3. The name of the vault.

IAM

Amazon Identity and Access Management (IAM) allows you to manage access to compute, storage, database, and application services.

IAM uses access control concepts such as users, groups, and permissions, which get applied to individual API calls.

We can control which users can access specific services, the kinds of actions they can perform, and which resources are available to them, ranging from virtual machines to databases.

IAM is a permission system that regulates access to AWS resources, so that you as an administrator can define who can access what on an AWS account.

IAM allows you to assign permissions to groups of users. It also provides a mechanism to monitor and audit access to specific resources by enabling AWS CloudTrail. It can also integrate easily with other identity technologies.

The 4 key concepts of IAM are Users, Groups, Roles, and Policies.

Users are specific individuals who can receive personal logins.

Groups are collections of users with a common theme, such as a group of intern students.

Roles are collections of policies. For example, you can define a role that has both database read and database write.

Policies are low-level permissions that control access to resources by either allowing or denying it.
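
As an added example (not from the original post), the Python below builds an identity policy scoped to a single Glacier vault and runs a simplified allow/deny check over it. The region, account ID and vault names are constructed placeholders, and `is_allowed` is a hypothetical helper that models only explicit deny, allow and implicit deny for one policy, not the full IAM evaluation.

```python
import json
from fnmatch import fnmatchcase

def vault_arn(region, account_id, vault_name):
    # A Glacier vault ARN combines the region, the account ID and the vault name.
    return f"arn:aws:glacier:{region}:{account_id}:vaults/{vault_name}"

def archive_reader_policy(region, account_id, vault_name):
    """Policy for a user who may upload and retrieve archives in one vault only."""
    arn = vault_arn(region, account_id, vault_name)
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "UseOneVault", "Effect": "Allow",
             "Action": ["glacier:DescribeVault", "glacier:UploadArchive",
                        "glacier:InitiateJob", "glacier:GetJobOutput"],
             "Resource": arn},
            {"Sid": "NeverDelete", "Effect": "Deny",
             "Action": "glacier:Delete*", "Resource": "*"},
        ],
    }

def _matches(patterns, value):
    # Simplification: case-sensitive glob match on '*' and '?'.
    patterns = [patterns] if isinstance(patterns, str) else patterns
    return any(fnmatchcase(value, p) for p in patterns)

def is_allowed(policy, action, resource):
    """Explicit Deny wins, then any matching Allow; no match is an
    implicit deny."""
    allowed = False
    for stmt in policy["Statement"]:
        if _matches(stmt["Action"], action) and _matches(stmt["Resource"], resource):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

# Constructed sample values: placeholder region, account ID and vault names.
POLICY = archive_reader_policy("us-east-1", "111122223333", "backups")
BACKUPS = vault_arn("us-east-1", "111122223333", "backups")
OTHER = vault_arn("us-east-1", "111122223333", "research")

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
    for action, arn in [("glacier:UploadArchive", BACKUPS),
                        ("glacier:DeleteArchive", BACKUPS),
                        ("glacier:UploadArchive", OTHER)]:
        print(action, arn, "->", is_allowed(POLICY, action, arn))
```

The third check fails because no statement names the second vault: anything not explicitly allowed is denied.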

Assigning Roles to Users

  1. Go to the AWS Management Console.
  2. On the Security, Identity, and Compliance tab, click on IAM.
  3. You will be redirected to the IAM dashboard, where you can see Users. Click on it.
  4. Click on the Add user button on the users dashboard and give the user a name.
  5. In the Access type section, select AWS Management Console access, or, if you need the user to access the resources through the CLI, you can also give programmatic access. Based on the requirement, give the user appropriate access.
  6. Click on Custom password in the Console password section and create a new password, and make sure you uncheck the require password reset option, as it is complicated because the user needs to create a password every time.
  7. Click on the Next button at the end.
  8. You will be redirected to the permissions tab of the user. You can import the permissions of another group by adding the user to that group, create a new group for the user, or attach a policy.
  9. Click on add or attach a policy directly.
  10. Select the appropriate policies and click on the Next button at the bottom.
  11. Review all the appropriate settings and click on the Create user button.
  12. Now the user will be created and we can receive the access key and secret key of the user.
  13. After creating users, click on the Role button and click on create a new role.
  14. Set the role name and click Next.
  15. On the Select role type screen, select the appropriate role; when you select it, you are prompted to select a policy.
  16. Select the appropriate policy and click Next.
  17. Review the role settings and policy, and after you are done with all requirements, click on create the role.
  18. Hence the roles for the users are assigned.
