For an organisation adopting Cloud Computing, one of the benefits is the self service nature of the cloud. If a developer requires a test machine for a short period of time, using an Amazon EC2 instance or Azure server instance is an obvious cheap solution. Not only is the machine only paid for the time it is being used, there is no capital investment required.
A question to be asked for organisations when working with a cloud provider such as Amazon is who will have responsibility for provisioning and releasing resources. One account with a credit card is created but ideally this would not be shared with all personel who require cloud access.
The solution for Amazon EC2 is Amazon Identity and Access Management (IAM). This welcome addition to the Amazon toolset allows the creation of multiple users on a single amazon account. Each user can be assigned permissions on the main account eliminating the need to share passwords or access keys. This enables fine grained security to be configured based on users. For example, an individual user could be allowed permission to start EC2 instances but not terminate them.
Currently IAM is available from the command line tools and the API interface. Plans for incorporating the toolset into the management console have also been announced. No new or extra work is required to use IAM with existing AWS API’s – the security is incorporated seamlessly.
In summary, Amazon have provided a cloud specific transparent security solution that enables a simple, yet elegant solution to enabling controlled multiple user access to AWS resources. Even better, there is no charge for this service – you just pay for the resources utilised as before.