In this lab, I learn how to create and manage AWS users and manage their roles and permissions.
First off, I must check that the region I am working in is supported by looking at the table.
I can see that Sydney is there and that is the region I am currently in, so I am all good to go.
CREATING NEW USERS
I am now required to create three new users; this is done in IAM (Identity and Access Management).
Now, I will just explain why I have set it up the way I have. userone to userthree got their names from the instructions of the lab. Thankfully we went over access types in class, so I knew to give the management console option. I gave it an auto-generated password because I am curious about how this works, really no other reason than that.
So the users were not assigned groups yet, as that will be done individually, but I did get an answer to my question on what happens when you automatically create a password for each user. It gives you an option to show the password for each user, or to email each user's details to you.
CREATING NEW GROUPS AND ASSIGNING POLICIES
I am now required to create three groups that match the description of the three above.
As you can see, I assigned this group EC2 read-only permissions. The reason I created it this way is because the documentation states “The EC2Support group has the capabilities to monitor and watch the status of our EC2 Instances”.
The EC2 Admin I gave full permissions in the EC2 Service as what’s an Admin with limitations in their field?
And same again for the S3 admin, I assigned it the S3 Full access policy.
ADDING USERS TO GROUPS
In this section I am required to add each user into their own specific group.
userone to EC2support.
usertwo into EC2admin.
userthree into S3admin.
Now to confirm each group now has a user.
SETTING CUSTOM PASSWORDS
Well lucky I did not set custom passwords at the start!
In this part, I am to set custom passwords for each of my users created and the requirements being.
So I went through and changed each one with LastPass. See example below.
TESTING USER PERMISSIONS
Now show time! Let's see what these little users can and can’t do.
First we are looking at userone.
“Hey userone, make me an Ubuntu Server!”
“oh… Hey userone, how's Techdox-Forum looking?”
So we can see userone cannot create any new instance but can look over any currently running instance! Maybe one day, userone.
Okay! Let's see usertwo!
“Hey usertwo, make me an Ubuntu server!”
“Well done! Now make me an S3 bucket to go with that!”
Well, time to get in userthree!
“userthree make me an S3Bucket!”
“userthree well done! Now check my current billing reports.”
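An added example, not part of the original lab write-up: a small offline model of how IAM decides the requests tested above (explicit deny wins, then allow, otherwise implicit deny). The policy statements are simplified stand-ins for the managed policies attached to each group, `ce:GetCostAndUsage` stands in for the billing request, and the `extra_statements` parameter is a hypothetical hook for an inline policy.

```python
from fnmatch import fnmatchcase

# Simplified stand-ins for the AWS managed policies attached in the lab
# (assumption: the real managed policies contain more statements than this).
GROUP_POLICIES = {
    "EC2support": [{"Effect": "Allow", "Action": ["ec2:Describe*"], "Resource": "*"}],
    "EC2admin": [{"Effect": "Allow", "Action": ["ec2:*"], "Resource": "*"}],
    "S3admin": [{"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"}],
}
USER_GROUPS = {"userone": ["EC2support"], "usertwo": ["EC2admin"], "userthree": ["S3admin"]}

# The requests made in the lab; the last one is a stand-in for viewing billing.
LAB_CHECKS = [
    ("userone", "ec2:RunInstances"),
    ("userone", "ec2:DescribeInstances"),
    ("usertwo", "ec2:RunInstances"),
    ("usertwo", "s3:CreateBucket"),
    ("userthree", "s3:CreateBucket"),
    ("userthree", "ce:GetCostAndUsage"),
]


def _matches(statement, action):
    """True if the action matches any Action pattern (action names are case-insensitive)."""
    patterns = statement["Action"]
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)


def evaluate(user, action, extra_statements=()):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for identity-based policies only.

    extra_statements models statements attached directly to the user,
    such as an inline policy (hypothetical parameter for this example).
    """
    statements = [s for g in USER_GROUPS.get(user, []) for s in GROUP_POLICIES[g]]
    matching = [s for s in list(statements) + list(extra_statements) if _matches(s, action)]
    if any(s["Effect"] == "Deny" for s in matching):
        return "ExplicitDeny"  # a matching Deny always overrides any Allow
    if any(s["Effect"] == "Allow" for s in matching):
        return "Allow"
    return "ImplicitDeny"  # nothing matched, so the request is refused by default


if __name__ == "__main__":
    for user, action in LAB_CHECKS:
        print(f"{user:10} {action:24} {evaluate(user, action)}")
```
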
Following the Lab was pretty straightforward and I did not face any issues that stumped me. There was one issue that was annoying, and that was with userthree.
Every time I set it a custom password, I would go to sign in and the password was wrong. I just logged in with my admin account (not my god account) and made the change manually and it worked. I suspect LastPass had a play in that little dilemma.
I love this sort of work, the ability to make users who have their own little place in the system. I can only imagine how big these can really get!
There is one thing I will be doing some research on and that’s Inline Policies.