Lab 1 (Introduction to AWS Identity and Access Management (IAM))

Amazon Web Services Identity and Access Management (IAM) lets you control access to AWS services and their resources. Using IAM, you can create and manage users, groups, roles, and policies, and use policies to allow or deny access to AWS resources.

In this Lab you will learn:

  • How to explore pre-created IAM users and groups
  • How to update passwords for users
  • How to locate and use the IAM sign-in URL
  • How to experiment with the effect of policies on service access
  • How to inspect IAM policies as applied to the pre-created groups

AWS Identity and Access Management is used to create users in IAM and assign them individual security credentials, that is, access keys, passwords, and multi-factor authentication devices. You can also create roles in IAM and manage their permissions, using policies to control which operations can be performed by the entity or AWS service that assumes the role.

Note: IAM is a feature of your AWS account offered at no additional charge. You will be charged only for use of other AWS services. If you are using the free tier, you can use it free up to a certain level for one year.

To begin the lab, you first have to create users. To create users, click Services in the AWS Management Console and then click IAM.

Click Users in the left panel.

When you get to the Users page, click Add User. For the user name I have given User1, but you can give any name you want. For the AWS access type, select AWS Management Console access, set the console password to Custom password, and enter any password you like.

Note: You can choose Programmatic access as well, but it is a bit more advanced security-wise.

Follow the above steps and create another two users.

Now let's see how to create groups. Click Groups in the navigation pane, then click Create New Group.

For the group name, enter EC2support and click Next Step.

On the Attach Policy page, search for and select AmazonEC2ReadOnlyAccess. Click Next Step.

Review the group name and the policy. If they are correct, click Create Group.

You have to create two additional groups, following the same procedure you used above to create EC2support.

For the second group, give the name EC2admin and attach the policy AmazonEC2FullAccess. Review and click Create Group.

For the third group, give the name S3admin and attach the policy AmazonS3FullAccess. Review and click Create Group.

Then let's add the users we created to the groups we created. Click Groups, then click the EC2support group. Under the Users tab, click Add Users to Group. Select user1 and click the blue Add Users button.

Add User2 to EC2admin in the same way, and follow the same procedure to add user3 to S3admin.

When you have finished adding users, click Groups in the left-hand navigation panel and you can see that each group contains 1 user in the Users column.

Now let's see how to set a custom password and replace the password you have. Click Users and then click user1.

Then select Security credentials.

Under Sign-in credentials, click Manage password.

Choose the radio button for Custom password and set the password. Click Apply. Repeat the same steps for the other 2 users.

Note: When you are giving a password, the password should contain at least one uppercase letter, one lowercase letter, one number or at least one non-alphanumeric character.

To test storage administrator access, log in with the user3 login details. To get the sign-in link, go to IAM; right under "Welcome to Identity and Access Management" you will see the IAM users sign-in link.

Copy and paste the URL into a new tab and sign in using user3 as the login name and P@s***R*0* as the password.

In the upper corner you will notice that you have logged in as user3.

Click the S3 service and check whether you have access to the storage.

Repeat the same steps for user1 and user2 and check that you can log in.
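The results of these login checks follow from how IAM evaluates a request: an explicit Deny wins, a matching Allow grants access, and anything else is implicitly denied. The Python sketch below is an added example, not part of the original lab, that models this for the three groups created here; the one-statement policy bodies are simplified stand-ins for the real managed policies, and resources and conditions are ignored.

```python
from fnmatch import fnmatchcase

# Simplified stand-ins (assumption) for the managed policies used in this lab.
# The real policy documents contain more statements than shown here.
POLICIES = {
    "AmazonEC2ReadOnlyAccess": [{"Effect": "Allow", "Action": ["ec2:Describe*"]}],
    "AmazonEC2FullAccess": [{"Effect": "Allow", "Action": ["ec2:*"]}],
    "AmazonS3FullAccess": [{"Effect": "Allow", "Action": ["s3:*"]}],
}
GROUP_POLICIES = {
    "EC2support": ["AmazonEC2ReadOnlyAccess"],
    "EC2admin": ["AmazonEC2FullAccess"],
    "S3admin": ["AmazonS3FullAccess"],
}
USER_GROUPS = {"user1": ["EC2support"], "user2": ["EC2admin"], "user3": ["S3admin"]}


def statements_for(user):
    """Yield every policy statement a user inherits through group membership."""
    for group in USER_GROUPS.get(user, []):
        for policy in GROUP_POLICIES.get(group, []):
            yield from POLICIES[policy]


def is_allowed(user, action, extra_statements=()):
    """Explicit Deny wins; otherwise any matching Allow grants access;
    with no matching statement the request is implicitly denied."""
    allowed = False
    for stmt in list(statements_for(user)) + list(extra_statements):
        # IAM action names are case-insensitive and may contain wildcards.
        if any(fnmatchcase(action.lower(), p.lower()) for p in stmt["Action"]):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


def access_matrix(actions):
    """Map each lab user to the subset of the given actions they may perform."""
    return {u: [a for a in actions if is_allowed(u, a)] for u in USER_GROUPS}


if __name__ == "__main__":
    probes = ["ec2:DescribeInstances", "ec2:TerminateInstances", "s3:ListBucket"]
    for user, granted in access_matrix(probes).items():
        print(user, "->", granted or "no access")
```

Passing a hypothetical Deny statement through `extra_statements` shows that it overrides the Allow a user inherits from a group.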

Conclusion:

By the end of this lab you have learned:

  • How to explore pre-created IAM users and groups
  • How to update passwords for users
  • How to locate and use the IAM sign-in URL
  • How to experiment with the effect of policies on service access
  • How to inspect IAM policies as applied to the pre-created groups