IAM and Glacier
Description and role of IAM in AWS
IAM stands for AWS Identity and Access Management. IAM enables you to create and manage AWS users and groups and to use permissions to allow and deny their access to AWS resources. With IAM, you can give other users access to your AWS account without sharing root user credentials or access keys, and you can restrict their access in a granular way.
IAM Features:
- Shared Access to your AWS account.
- Granular permissions
- Secure access to AWS resources for applications that run on Amazon EC2
- Multi-factor authentication (MFA)
- Identity federation
- Identity information for assurance
- Integrated with many AWS services
- Eventually Consistent
- Free to use
Accessing IAM:
AWS Management Console
The console is a browser-based interface to manage IAM and AWS resources. For more information about accessing IAM through the console, see Signing in to the AWS Management Console as an IAM user or root user. For a tutorial that guides you through using the console, see Creating your first IAM admin user and group.
AWS Command Line Tools
You can use the AWS command line tools to issue commands at your system’s command line to perform IAM and AWS tasks. Using the command line can be faster and more convenient than the console. The command line tools are also useful if you want to build scripts that perform AWS tasks.
AWS provides two sets of command line tools: the AWS Command Line Interface (AWS CLI) and the AWS Tools for Windows PowerShell. For information about installing and using the AWS CLI, see the AWS Command Line Interface User Guide. For information about installing and using the Tools for Windows PowerShell, see the AWS Tools for Windows PowerShell User Guide.
AWS SDKs
AWS provides SDKs (software development kits) that consist of libraries and sample code for various programming languages and platforms (Java, Python, Ruby, .NET, iOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to IAM and AWS. For example, the SDKs take care of tasks such as cryptographically signing requests, managing errors, and retrying requests automatically. For information about the AWS SDKs, including how to download and install them, see the Tools for Amazon Web Services page.
IAM HTTPS API
You can access IAM and AWS programmatically by using the IAM HTTPS API, which lets you issue HTTPS requests directly to the service. When you use the HTTPS API, you must include code to digitally sign requests using your credentials.
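The signing step described above, as an added example that is not part of the original page: the IAM HTTPS API expects AWS Signature Version 4, and this sketch builds the signed headers for a `ListUsers` call using only the Python standard library. The access key, secret key and timestamp are constructed placeholders.

```python
import hashlib
import hmac

# Constructed placeholder credentials for illustration; not real keys.
ACCESS_KEY = "AKIAEXAMPLEEXAMPLE00"
SECRET_KEY = "constructed-secret-key-for-illustration"


def hmac_sha256(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def signing_key(secret: str, date: str, region: str, service: str) -> bytes:
    """Derive the key scoped to one day, one region and one service."""
    key = hmac_sha256(("AWS4" + secret).encode(), date)
    for part in (region, service, "aws4_request"):
        key = hmac_sha256(key, part)
    return key


def sign_iam_request(body: str, amz_date: str, access_key: str = ACCESS_KEY,
                     secret: str = SECRET_KEY) -> dict:
    """Return the headers for POST https://iam.amazonaws.com/ carrying body."""
    # IAM is a global service; its endpoint is signed with region us-east-1.
    host, region, service = "iam.amazonaws.com", "us-east-1", "iam"
    date = amz_date[:8]
    content_type = "application/x-www-form-urlencoded; charset=utf-8"
    # Canonical headers: lowercase names, sorted, each ending in a newline.
    canonical_headers = (f"content-type:{content_type}\n"
                         f"host:{host}\nx-amz-date:{amz_date}\n")
    signed_headers = "content-type;host;x-amz-date"
    canonical_request = "\n".join([
        "POST", "/", "", canonical_headers, signed_headers,
        hashlib.sha256(body.encode()).hexdigest()])
    scope = f"{date}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest()])
    signature = hmac.new(signing_key(secret, date, region, service),
                         string_to_sign.encode(), hashlib.sha256).hexdigest()
    return {"Host": host, "Content-Type": content_type, "X-Amz-Date": amz_date,
            "Authorization": f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                             f"SignedHeaders={signed_headers}, "
                             f"Signature={signature}"}


if __name__ == "__main__":
    body = "Action=ListUsers&Version=2010-05-08"
    for name, value in sign_iam_request(body, "20240101T000000Z").items():
        print(f"{name}: {value}")
```

The secret key never leaves the client; only the derived signature is sent, and because the body hash and timestamp are part of the signed string, any change to either invalidates the signature.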
AMAZON GLACIER
Amazon Glacier is a low-cost cloud storage service for data with longer retrieval times offered by Amazon Web Services (AWS).
A developer uses a cold data cloud service such as Amazon Glacier to move infrequently accessed data to archival storage to save money on storage costs. The developer can also move database backups from tape storage media to the cloud for long-term Glacier storage.
In short, it can be described as:
- Data Archiving Solution
- It’s designed for infrequently accessed data (you may require that data later for business needs or legal purposes)
- Long-term storage solution at low cost
- 99.999999999% durability (11 9’s)
Data retrieval from Glacier
- Expedited: 1–5 min (highest cost)
- Standard: 3–5 hours
- Bulk: 5–12 hours (lowest cost)
Security with Amazon Glacier
- Glacier access can be controlled using IAM
- Glacier encrypts your data using AES-256
- Glacier manages the keys for you
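To make "Glacier access can be controlled using IAM" concrete, here is an added example (not from the original page) that audits IAM policy documents for a Glacier vault against least privilege: wildcard actions, wildcard resources, and deletes allowed without MFA. The account ID, vault name, Sids and both policies are constructed for illustration.

```python
# Constructed vault ARN: account ID and vault name are placeholders.
VAULT_ARN = "arn:aws:glacier:us-east-1:111122223333:vaults/example-backups"
DESTRUCTIVE = {"glacier:DeleteArchive", "glacier:DeleteVault"}

SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ArchiveAndRestore", "Effect": "Allow",
     "Action": ["glacier:UploadArchive", "glacier:InitiateJob",
                "glacier:GetJobOutput"],
     "Resource": VAULT_ARN},
    # Guardrail: deletes are refused without MFA even if another policy allows them.
    {"Sid": "DeleteNeedsMfa", "Effect": "Deny",
     "Action": "glacier:DeleteArchive", "Resource": VAULT_ARN,
     "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}},
]}

BROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "EverythingEverywhere", "Effect": "Allow",
     "Action": "glacier:*", "Resource": "*"},
    {"Sid": "DeleteNoMfa", "Effect": "Allow",
     "Action": "glacier:DeleteArchive", "Resource": VAULT_ARN},
]}


def as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def requires_mfa(statement):
    """True if any condition operator demands aws:MultiFactorAuthPresent=true."""
    conditions = statement.get("Condition", {})
    return any(str(keys.get("aws:MultiFactorAuthPresent", "")).lower() == "true"
               for keys in conditions.values())


def audit(policy):
    """Return (Sid, finding) pairs for Allow statements that are too broad."""
    findings = []
    for n, st in enumerate(as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", f"statement[{n}]")
        actions = as_list(st.get("Action", []))
        findings += [(sid, f"wildcard action {a}") for a in actions if "*" in a]
        findings += [(sid, f"wildcard resource {r}")
                     for r in as_list(st.get("Resource", [])) if r.endswith("*")]
        if DESTRUCTIVE & set(actions) and not requires_mfa(st):
            findings.append((sid, "destructive action without MFA condition"))
    return findings
```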
Glacier vs. Amazon S3
Amazon Glacier provides durable storage for any type of data format that will be accessed in three to five hours. A developer could use Amazon Glacier in conjunction with storage lifecycle management, rotating rarely used data to cold storage to save money. Glacier differs from Amazon’s more expensive Simple Storage Service (S3) in that S3 is designed for data that needs to be retrieved in real time.
An enterprise turns to Amazon S3 for object storage with low latency. S3 is a better fit than AWS’ Glacier storage for an enterprise that requires regular or immediate access to data.