How IAM works

Minakshi Jha
Nov 11, 2022


Now that we have covered what IAM is and what its components are in the previous article, let's understand how IAM works.

img2

As we know, you must be authenticated if you're going to perform an action or operation on an AWS resource. There are a few exceptions. One example is an S3 bucket & STS, which you can enable for anonymous access.

When we attempt to perform an action or operation on an AWS resource, a request context is created. This request context holds the information that is put together to evaluate whether you are authorized to access the resource and to perform the specific action or operation.

As you can see in img2, a request context contains a number of things:

  1. Action: the actual actions or operations you're attempting to perform.
  2. Resources: the resources you are attempting to access.
  3. Principal: the user, role, federated user, or application that sent the request.
  4. Environment Data: information about the IP address, user agent, SSL status or time of day.
  5. Resource Data: data related to the resource that you're trying to access.

Steps for authorizing the request:

  1. AWS authenticates the principal that makes the request.
  2. The request context is processed.
  3. All the policies (identity & resource) within the account are evaluated.
  4. It is determined whether the request is allowed or denied.
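The steps above can be sketched as a small evaluator. This is an added example, not AWS code and not part of the original article: it is a simplified same-account model in which an explicit deny overrides any allow and a request with no matching allow is implicitly denied. The account ID, user, bucket and the `authorize` / `request` helpers are hypothetical.

```python
# Simplified model of IAM request authorization (added example, not AWS code).
# Omits SCPs, permissions boundaries, session policies; only IpAddress/aws:SourceIp conditions.
import ipaddress
from fnmatch import fnmatchcase

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(statement, ctx):
    """True if the statement applies to this request context."""
    action_ok = any(fnmatchcase(ctx["action"].lower(), a.lower())
                    for a in _as_list(statement["Action"]))
    resource_ok = any(fnmatchcase(ctx["resource"], r)
                      for r in _as_list(statement["Resource"]))
    # Resource-based statements name a principal; identity-based ones do not.
    principal = statement.get("Principal")
    principal_ok = principal is None or principal == "*" or \
        ctx["principal"] in _as_list(principal.get("AWS", []))
    cidrs = statement.get("Condition", {}).get("IpAddress", {}).get("aws:SourceIp")
    ip_ok = cidrs is None or any(
        ipaddress.ip_address(ctx["source_ip"]) in ipaddress.ip_network(c)
        for c in _as_list(cidrs))
    return action_ok and resource_ok and principal_ok and ip_ok

def authorize(ctx, identity_policies, resource_policies):
    """Return 'Allow' or 'Deny' for a same-account request context."""
    statements = [s for p in identity_policies + resource_policies
                  for s in _as_list(p["Statement"])]
    effects = {s["Effect"] for s in statements if _matches(s, ctx)}
    if "Deny" in effects:
        return "Deny"  # an explicit deny always wins
    return "Allow" if "Allow" in effects else "Deny"  # otherwise implicit deny

# Constructed sample data: hypothetical account ID, user and bucket.
USER = "arn:aws:iam::111122223333:user/alice"
IDENTITY = [{"Statement": [{"Effect": "Allow", "Action": "s3:Get*",
                            "Resource": "arn:aws:s3:::example-bucket/*"}]}]
BUCKET = [{"Statement": [{"Effect": "Deny", "Principal": "*", "Action": "s3:*",
                          "Resource": "arn:aws:s3:::example-bucket/secret/*"},
                         {"Effect": "Allow", "Principal": {"AWS": USER},
                          "Action": "s3:PutObject",
                          "Resource": "arn:aws:s3:::example-bucket/uploads/*",
                          "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}}]}]

def request(action, key, ip="203.0.113.10"):
    """Build a request context for USER and authorize it against the sample policies."""
    ctx = {"principal": USER, "action": action, "source_ip": ip,
           "resource": "arn:aws:s3:::example-bucket/" + key}
    return authorize(ctx, IDENTITY, BUCKET)
```

Calling `request("s3:GetObject", "secret/keys.txt")` returns `"Deny"` even though the identity policy allows `s3:Get*` on the whole bucket, because the bucket policy's explicit deny takes precedence.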
