AWS – Managing AWS activities

Identity Access Management (IAM)

IAM is a service that lets you set user and group permissions on what they are allowed/denied to do.


I have released my new course on Udemy, Kubernetes By Example. Sign up now to get free lifetime access!


It lets you set permissions for resources that belong to the following service categories:

  • computing
  • storage
  • databases
  • applications

These permissions are set specified against particular API-calls/CLI-options/web-gui-console

Here are some examples:

  • give a user (or group) permission to create new EC2 instances
  • deny user (or group) permssions to delete an particular EC2 instance


IAM is very granular and let’s you set all kinds of permissions.



This is a service that logs all aws-console/cli/api activities and who performed them.

It is a logging solution to help identify any security issues.



This is a monitoring service that monitors various service and resources. It can collect and track metrics. It can collect logs for various resources, e.g. cpu utilisation on a given EC2 instance, network bandwith usage….etc.

Cloudwatch ties in with auto-scaling quite closely. E.g. you can instruct cloudwatch to scale-up if cpu usage exceeds 80% or if queue size exceeds 5000 jobs.


Directory services

This service allows you to create and sync AWS users and groups based on local Microsoft Active-Directory Server. Alternatively you can create a new  Microsoft Active Directory (AD) service inside AWS and sync it up with a local Microsoft AD server.

This makes single sign on possible.