Thursday, August 18, 2016

AWS Quick Labs - Introduction to AWS Identity and Access Management (IAM)


AWS Identity and Access Management (IAM)

IAM enables us to create and manage AWS users and groups; we can apply roles and policies to allow or deny user access to AWS. In IAM we can assign passwords or other security credentials to the users to enforce access control.

Exploring Users and Groups

IAM is located under Services in the AWS console, as shown in the slide below.

1) In the IAM console of the quick lab we have three different users (userone, usertwo and userthree). The console shows the full name, but the username can be found at the end of the full name. If you want to create a new user, use the Create New User button at the top of the console.


2) Click on userone and you can see the user details as shown below: the user has a password assigned, is not a member of any group, and has no policies attached. All three users have different permissions associated with them.



3) Now we can explore the groups, which are located in the left navigation pane. Here we already have three different groups. Each has a long unique name, but you can find the names EC2support, EC2admin and S3admin within the group names.


4) Find the EC2support group, click on it, and then click on the Permissions tab. You can see that a group policy is attached and that no users have been added to the group yet. Through the policy you decide which actions are allowed for the users in the group. You can write a custom policy or attach a predefined AWS managed policy.

Here in this lab, each group has different permissions assigned through the policies. 

* EC2 support group users can monitor and watch the status of the EC2 Instances in the lab.

* EC2admin group users can scale the server farm as per the need of the services.

* S3admin group users have the capability to perform any function in the S3 service.


5) Click on Edit Policy to view the policy; here we can see the policy definition. The Action section defines the AWS service actions, the Resource section defines what the policy applies to, and the Effect says whether those actions are allowed. We are not changing any values here for the quick lab.


Adding users to the group 

1) Once the groups and policies exist, we can add users to the groups. Here we are adding userone to the EC2support group so that userone will be able to monitor the systems as per the policy rules. To add a user to a group, click on Groups, go to the Users tab, click the 'Add Users to Group' button, select userone, and click Add Users.

2) Follow the same steps to add usertwo to the EC2admin group, which has permission to scale the instances up and down.

3) Also add userthree to the S3admin group, which has administrative privileges in AWS.


4) After completing the steps of adding the users to groups, you can see the group listed in the user properties, as shown in the slide below.
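To make the group-and-policy model above concrete, here is an added example (not code from the lab or from AWS) of a tiny evaluator that applies the IAM decision rule to the three lab users: a matching explicit Deny wins, otherwise a matching Allow grants access, otherwise the request is implicitly denied. The policy statements below are constructed from the lab's description of each group and are not the lab's actual policy documents.

```python
"""Minimal IAM-style policy evaluator (added example, not the lab's own code)."""
from fnmatch import fnmatchcase

# Constructed policies modelled on the lab's description of each group.
# The Deny on ec2:DeleteVpc is invented here to show Deny precedence.
GROUP_POLICIES = {
    "EC2support": {"Statement": [
        {"Effect": "Allow", "Action": ["ec2:Describe*", "cloudwatch:Get*"], "Resource": "*"}]},
    "EC2admin": {"Statement": [
        {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
        {"Effect": "Deny", "Action": "ec2:DeleteVpc", "Resource": "*"}]},
    "S3admin": {"Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]},
}

# Group membership as set up in the "Adding users to the group" steps.
USER_GROUPS = {"userone": ["EC2support"], "usertwo": ["EC2admin"], "userthree": ["S3admin"]}


def _as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def statement_matches(stmt, action, resource):
    """True if the statement's Action and Resource patterns cover the request.

    Action names are matched case-insensitively (as IAM does); resource
    patterns are matched as-is, since ARNs are case-sensitive.
    """
    act_ok = any(fnmatchcase(action.lower(), p.lower()) for p in _as_list(stmt["Action"]))
    res_ok = any(fnmatchcase(resource, p) for p in _as_list(stmt["Resource"]))
    return act_ok and res_ok


def is_allowed(user, action, resource="*"):
    """Combine every policy attached through the user's groups, IAM-style."""
    allowed = False
    for group in USER_GROUPS.get(user, []):
        for stmt in GROUP_POLICIES[group]["Statement"]:
            if not statement_matches(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return False          # an explicit Deny always wins
            allowed = True
    return allowed                    # no matching Allow -> implicit deny


if __name__ == "__main__":
    for user, act in [("userone", "ec2:DescribeInstances"), ("userone", "ec2:TerminateInstances"),
                      ("usertwo", "ec2:RunInstances"), ("userthree", "s3:GetObject")]:
        print(f"{user:10} {act:25} {'allowed' if is_allowed(user, act) else 'denied'}")
```

A user with no group (like the lab's student account) has no matching statement at all and falls through to the implicit deny.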

Set Custom Password

1) We can change the default password by going to Users / Security Credentials / Manage Password and replacing the existing password with a custom one. The password policy can be set to require a strong password as per the AWS policy: it should contain at least one uppercase letter, one lowercase letter, a number and a non-alphabetic character.



2) Change the password and apply it; we can do the same for the other users as well.


Test S3 Access  

1) The current user (the student user) can only access the S3 dashboard; the student user can't see what is inside the bucket (as shown in the slide below).
Likewise, all the users now have different privileges. To test this we have to log in as the different users.

2) Now we can log in as userthree, which has S3 admin privileges, to check the access. Open a different browser so that you stay logged in with your student account.

3) Go to the IAM dashboard, find the user sign-in link (as shown below), copy it and paste it into a notepad.

4) Click on Users and go to userthree. At the top of the screen you can see the username; copy the full username and paste it into the same notepad.



5) With the sign-in link and username, you can log in as userthree (use the password which we changed previously).



6) Now go to the bucket; userthree should be able to see the contents of the bucket.


    Lab completion confirmation 




1 comment:

Unknown said...

Nice blog thanks for providing for more updates on AWS get touch with AWS Online Training Get Trained