Introduction to AWS Identity and Access Management (IAM)

In this lab, I learn how to create and manage AWS users and manage their roles and permissions.

First off, I must check that the region I am working in is supported by looking at the table.

Regions.PNG

I can see that Sydney is there and that is the region I am currently in, so I am all good to go.

myregion.PNG

_________________________________________________________________

CREATING NEW USERS

I am now required to create three new users. This is done in IAM (Identity & Access Management).

user creation.PNG

Now, I will just explain why I have set it up the way I have. userone to three got their names from the instructions of the lab. Thankfully we went over access types in class, so I knew to give the management console option. I gave it an auto-generated password because I am curious about how this works, really no other reason than that.

user details.PNG

So the users were not assigned groups yet, as that will be done individually, but I did get an answer to my question on what happens when you automatically create a password for each user. It gives you an option to show each password for each user, or to email each user's details to you.

_________________________________________________________________

CREATING NEW GROUPS AND ASSIGNING POLICIES

groups.PNG

I am now required to create three groups that match the three descriptions above.

ec2supportec2support2

As you can see, I assigned this group EC2 read only permissions. The reason I created it this way is because in the documentation it states “The EC2Support group has the capabilities to monitor and watch the status of our EC2 Instances”.

EC2admin

ec2admin 2

The EC2 Admin I gave full permissions in the EC2 Service as what’s an Admin with limitations in their field?

s3admins3admin2

And same again for the S3 admin, I assigned it the S3 Full access policy.

proof of groups.PNG

_________________________________________________________________

ADDING USERS TO GROUPS

In this section I am required to add each user into their own specific group.

userone to EC2support.

userone.PNG

usertwo into EC2admin.

usertwo.PNG

userthree into S3admin

userthree.PNG

Now to confirm each group now has a user.

usersingroups.PNG

_________________________________________________________________

SETTING CUSTOM PASSWORDS

Well lucky I did not set custom passwords at the start!

In this part, I am to set custom passwords for each of my users created, with the requirements being:

passwordreq.PNG

So I went through and changed each one with LastPass. See example below.

password.PNG

_________________________________________________________________

TESTING USER PERMISSIONS

Now show time! Let's see what these little users can and can’t do.

First we are looking at userone.

useronelogin.PNG

“Hey userone, make me an Ubuntu Server!”

useronefail.PNG

“oh… Hey userone, how's Techdox-Forum looking?”

useronepass.PNG

So we can see userone cannot create any new instance but can look over any currently running instance! Maybe one day, userone.

Okay! Let's see usertwo!

usertwo login.PNG

“Hey usertwo, make me an Ubuntu server!”

usertwopass.PNG

“Well done! Now make me an S3 bucket to go with that!”

usertwofail.PNG

“oh…”

Well, time to get in userthree!

userthreesign.PNG

“userthree make me an S3Bucket!”

userthree pass.PNG

“userthree, well done! Now check my current billing reports.”

userthreefail.PNG

“oh..”
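The three results above all come from the same rule: a request is denied unless a policy attached to the user (here, through a group) allows it. The sketch below is an added example, not part of the original lab or post. It assumes simplified stand-ins for the three managed policies, ignores resources and conditions, and uses `billing:GetBillingData` as an assumed action for the billing check.

```python
from fnmatch import fnmatchcase

# Constructed, simplified stand-ins for the policies attached to each group in
# the lab (read-only EC2, full EC2, full S3). Not the real managed policy text.
GROUP_POLICIES = {
    "EC2support": [{"Effect": "Allow", "Action": ["ec2:Describe*"]}],
    "EC2admin": [{"Effect": "Allow", "Action": "ec2:*"}],
    "S3admin": [{"Effect": "Allow", "Action": "s3:*"}],
}
# Group membership as set up in the "adding users to groups" step.
USER_GROUPS = {
    "userone": ["EC2support"],
    "usertwo": ["EC2admin"],
    "userthree": ["S3admin"],
}

def _matches(patterns, action):
    """IAM action names are case-insensitive and may contain '*' wildcards."""
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def evaluate(user, action):
    """Return 'allow', 'explicit deny' or 'implicit deny' for one request.

    Only the Action element is evaluated; Resource and Condition are left out
    of this sketch.
    """
    statements = [s for g in USER_GROUPS.get(user, []) for s in GROUP_POLICIES[g]]
    effects = {s["Effect"] for s in statements if _matches(s["Action"], action)}
    if "Deny" in effects:        # an explicit Deny always wins
        return "explicit deny"
    if "Allow" in effects:
        return "allow"
    return "implicit deny"       # nothing matched, so the default applies

# The six console tests from this section, expressed as API actions.
LAB_CHECKS = [
    ("userone", "ec2:RunInstances"),
    ("userone", "ec2:DescribeInstances"),
    ("usertwo", "ec2:RunInstances"),
    ("usertwo", "s3:CreateBucket"),
    ("userthree", "s3:CreateBucket"),
    ("userthree", "billing:GetBillingData"),  # assumed billing action
]

def run_checks():
    return [(user, action, evaluate(user, action)) for user, action in LAB_CHECKS]

if __name__ == "__main__":
    for user, action, result in run_checks():
        print(f"{user:10} {action:26} {result}")
```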

_________________________________________________________________

CONCLUSION

Following the Lab was pretty straightforward and I did not face any issues that stumped me. There was one issue that was annoying and that was with user three.

Every time I set it a custom password, I would go to sign in and the password was wrong. I just logged in with my admin account (not my god account) and made the change manually and it worked. I suspect LastPass had a play in that little dilemma.

I love this sort of work, the ability to make users who have their own little place in the system. I can only imagine how big these can really get!

There is one thing I will be doing some research on and that’s Inline Policies.

Post Author: Techdox
