January 17, 2016

AWS – Managing AWS activities

Identity Access Management (IAM)

IAM is a service that lets you set user and group permissions on what they are allowed/denied to do.

It lets you set permissions for resources that belong to the following service categories:

  • computing
  • storage
  • databases
  • applications

These permissions are specified against particular API calls, CLI options and web console actions.

Here are some examples:

  • give a user (or group) permission to create new EC2 instances
  • deny a user (or group) permission to delete a particular EC2 instance


IAM is very granular and lets you set all kinds of permissions.
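To make the allow/deny idea above concrete, here is an added example (not code from the original post or from AWS) that writes the two permissions listed above as an IAM policy document and evaluates requests against it with a stripped-down version of IAM's decision logic. The account id and instance id in the policy are placeholders; real IAM also evaluates conditions, resource policies, service control policies and permission boundaries, which this evaluator leaves out.

```python
"""Simplified IAM policy evaluation (added example, not AWS code).

POLICY mirrors the two permissions from the post: allow launching EC2
instances, deny terminating one particular instance. evaluate() applies
the core IAM rule: everything is denied by default, an explicit Allow
grants, and an explicit Deny always wins over any Allow.
"""
import fnmatch

# Constructed sample policy; account id and instance id are placeholders.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowLaunchingInstances",
            "Effect": "Allow",
            "Action": ["ec2:RunInstances", "ec2:Describe*"],
            "Resource": "*",
        },
        {
            "Sid": "DenyTerminatingOneInstance",
            "Effect": "Deny",
            "Action": "ec2:TerminateInstances",
            "Resource": "arn:aws:ec2:us-east-1:123456789012:instance/i-0123456789abcdef0",
        },
    ],
}


def _as_list(value):
    # IAM allows Action/Resource to be a single string or a list of strings.
    return value if isinstance(value, list) else [value]


def _matches(pattern, value):
    # IAM wildcards are '*' (any run of characters) and '?' (one character);
    # fnmatchcase implements both. ARNs never contain '[', so its extra
    # bracket syntax does not interfere here.
    return fnmatch.fnmatchcase(value, pattern)


def _statement_applies(stmt, action, resource):
    # Action names are case-insensitive in IAM; resource ARNs are compared as-is.
    action_hit = any(_matches(p.lower(), action.lower())
                     for p in _as_list(stmt.get("Action", [])))
    resource_hit = any(_matches(p, resource)
                       for p in _as_list(stmt.get("Resource", [])))
    return action_hit and resource_hit


def evaluate(policy, action, resource):
    """Return 'Allow', 'Deny' (explicit) or 'ImplicitDeny' (no Allow matched)."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if not _statement_applies(stmt, action, resource):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # an explicit deny overrides every allow
        decision = "Allow"
    return decision


if __name__ == "__main__":
    instance = "arn:aws:ec2:us-east-1:123456789012:instance/i-0123456789abcdef0"
    print(evaluate(POLICY, "ec2:RunInstances", "arn:aws:ec2:us-east-1:123456789012:instance/*"))
    print(evaluate(POLICY, "ec2:TerminateInstances", instance))
    print(evaluate(POLICY, "ec2:TerminateInstances", instance.replace("i-0123456789abcdef0", "i-0fedcba9876543210")))
```

Note the third case: terminating any other instance is neither allowed nor explicitly denied, so it falls through to the implicit deny. That is why a Deny statement on one resource is a guard rail, not a grant for everything else.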


CloudTrail

This is a service that logs all AWS console/CLI/API activities and who performed them.

It is a logging solution to help identify any security issues.
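An added example (not code from the original post or from AWS) of the kind of check that logging solution enables: CloudTrail delivers JSON files whose top-level "Records" array holds one object per API call, and the field names used below (eventTime, eventSource, eventName, sourceIPAddress, userIdentity, errorCode) are those of the real record format. The three records themselves are constructed samples, and the watchlist of sensitive calls is an assumption chosen for illustration.

```python
"""Triage of CloudTrail records (added example, not AWS code).

triage() walks a CloudTrail log file, names the actor behind each call
and flags two things a defender cares about: calls that blind the audit
trail or change permissions, and calls that were refused (errorCode),
which often precede a successful misuse of credentials.
"""
import json

# Constructed sample CloudTrail file with three records.
SAMPLE_LOG = json.dumps({"Records": [
    {
        "eventVersion": "1.05",
        "eventTime": "2016-01-17T10:15:00Z",
        "eventSource": "ec2.amazonaws.com",
        "eventName": "RunInstances",
        "awsRegion": "us-east-1",
        "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"type": "IAMUser", "userName": "alice",
                         "arn": "arn:aws:iam::123456789012:user/alice"},
    },
    {
        "eventVersion": "1.05",
        "eventTime": "2016-01-17T10:17:30Z",
        "eventSource": "cloudtrail.amazonaws.com",
        "eventName": "StopLogging",
        "awsRegion": "us-east-1",
        "sourceIPAddress": "198.51.100.7",
        "userIdentity": {"type": "IAMUser", "userName": "bob",
                         "arn": "arn:aws:iam::123456789012:user/bob"},
    },
    {
        "eventVersion": "1.05",
        "eventTime": "2016-01-17T10:18:05Z",
        "eventSource": "ec2.amazonaws.com",
        "eventName": "TerminateInstances",
        "awsRegion": "us-east-1",
        "sourceIPAddress": "198.51.100.7",
        "errorCode": "Client.UnauthorizedOperation",
        "userIdentity": {"type": "IAMUser", "userName": "bob",
                         "arn": "arn:aws:iam::123456789012:user/bob"},
    },
]})

# Assumed watchlist: calls that switch off auditing or hand out permissions.
SENSITIVE_EVENTS = {
    "cloudtrail.amazonaws.com": {"StopLogging", "DeleteTrail", "UpdateTrail"},
    "iam.amazonaws.com": {"CreateUser", "CreateAccessKey",
                          "AttachUserPolicy", "PutUserPolicy"},
}


def actor(record):
    """Best available name for who made the call."""
    ident = record.get("userIdentity", {})
    return ident.get("arn") or ident.get("userName") or ident.get("type", "unknown")


def triage(log_text):
    """Return one finding line per sensitive or refused call, oldest first."""
    findings = []
    for rec in json.loads(log_text)["Records"]:
        source, name = rec.get("eventSource", ""), rec.get("eventName", "")
        who, ip, when = actor(rec), rec.get("sourceIPAddress", "?"), rec.get("eventTime", "?")
        if name in SENSITIVE_EVENTS.get(source, set()):
            findings.append(f"SENSITIVE {when} {name} by {who} from {ip}")
        if "errorCode" in rec:
            findings.append(f"DENIED {when} {name} by {who} from {ip} ({rec['errorCode']})")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_LOG):
        print(line)
```

Run against the sample, this reports bob stopping the trail and then being refused a TerminateInstances call from the same address; alice's ordinary RunInstances is left alone. In practice the DENIED line is the one to correlate with the IAM policy that refused the call.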


CloudWatch

This is a monitoring service that monitors various services and resources. It can collect and track metrics, and it can collect logs for various resources, e.g. CPU utilisation on a given EC2 instance, network bandwidth usage, etc.

CloudWatch ties in with auto-scaling quite closely. E.g. you can instruct CloudWatch to scale up if CPU usage exceeds 80% or if queue size exceeds 5000 jobs.
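The two triggers above, as an added example (not code from the original post or from AWS): the alarm definitions use the parameter names of CloudWatch's PutMetricAlarm API (MetricName, Namespace, Statistic, Period, EvaluationPeriods, Threshold, ComparisonOperator), and evaluate_alarm() applies the default CloudWatch rule that the alarm goes to ALARM only after EvaluationPeriods consecutive breaching datapoints. The metric series are constructed, and in AWS the alarm action would be a scaling policy rather than a returned state.

```python
"""CloudWatch-style threshold alarms (added example, not AWS code).

Two alarms mirroring the post: CPU above 80% and queue depth above 5000.
evaluate_alarm() returns the alarm state after each datapoint, so you can
see that a single spike does not scale anything; it takes N consecutive
breaching periods. Real CloudWatch adds INSUFFICIENT_DATA and optional
"M out of N" datapoint settings, which are left out here.
"""
import operator

ALARMS = {
    "cpu-high": {
        "Namespace": "AWS/EC2",
        "MetricName": "CPUUtilization",
        "Statistic": "Average",
        "Period": 300,            # seconds covered by each datapoint
        "EvaluationPeriods": 3,   # consecutive breaching periods before ALARM
        "Threshold": 80.0,
        "ComparisonOperator": "GreaterThanThreshold",
    },
    "queue-deep": {
        "Namespace": "AWS/SQS",
        "MetricName": "ApproximateNumberOfMessagesVisible",
        "Statistic": "Average",
        "Period": 300,
        "EvaluationPeriods": 2,
        "Threshold": 5000,
        "ComparisonOperator": "GreaterThanThreshold",
    },
}

_OPERATORS = {
    "GreaterThanThreshold": operator.gt,
    "GreaterThanOrEqualToThreshold": operator.ge,
    "LessThanThreshold": operator.lt,
    "LessThanOrEqualToThreshold": operator.le,
}


def evaluate_alarm(alarm, datapoints):
    """Return the state ('OK' or 'ALARM') after each datapoint in order."""
    breach = _OPERATORS[alarm["ComparisonOperator"]]
    n = alarm["EvaluationPeriods"]
    states, window = [], []
    for value in datapoints:
        window.append(breach(value, alarm["Threshold"]))
        window = window[-n:]  # keep only the last n periods
        states.append("ALARM" if len(window) == n and all(window) else "OK")
    return states


# Constructed five-minute averages: one EC2 instance's CPU and one queue's depth.
CPU_SERIES = [35.0, 62.5, 81.0, 85.5, 90.2, 88.0, 40.0, 30.0]
QUEUE_SERIES = [1200, 5600, 7100, 4900]


if __name__ == "__main__":
    for name, series in (("cpu-high", CPU_SERIES), ("queue-deep", QUEUE_SERIES)):
        print(name, evaluate_alarm(ALARMS[name], series))
```

With the CPU series the alarm only fires at the fifth datapoint, once three consecutive periods sit above 80%, and drops back to OK as soon as one period does not breach; raising EvaluationPeriods is the usual way to stop a noisy metric from flapping the scaling group.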


Directory services

This service allows you to create and sync AWS users and groups based on an existing on-premises Microsoft Active Directory server. Alternatively you can create a new Microsoft Active Directory (AD) service inside AWS and sync it with the on-premises Microsoft AD server.

This makes single sign on possible.