Purpose of the this hands-on training is to give basic understanding of how to use IAM and IAM components.
At the end of the this hands-on training, students will be able to;
-
understand root user and IAM user
-
create IAM user
-
explain the credentials
-
create a settings for IAM user
-
create a group
-
anatomy of the policy and attaching policy to identities.
-
make troubleshooting about credentials
-
create role and attach to EC2
-
Part 1 - Creating IAM user and arrange user settings
-
Part 2 - Creating Groups
-
Part 3 - Troubleshooting about credentials
-
Part 4 - Creating role and attaching to EC2
-
Log in as a Root user. !!!! Please use "your individual root account."
-
Show the Dashboard of IAM
-
Show IAM users "sign-in link" and customize it as alias . Tell the student to write down the account alias.
-
Create IAM user with Administrator access for your daily work :
- Explain that unless it is needed, students won't use root account anymore.
- Explain policy Administrator access* policy and policy format
-
Click on newly created User---->>> Security Credentials show the credentials.
-
Create bill settings: Since we'll not use root account for daily work, we also need to check our billing from IAM user console .So we need to make some setting for this issue.
- Right top of the page click your name ----> Select My account -->> IAM User and Role Access to Billing Information--->> Edit--->>
-
Sign Out and Sign in with newly created IAM user with "Clarusway IAM user".
-
Check the users and Billing services to be accessible or not.
- Create group called Database (RDS FullAccess)
- Explain why we use group
- Explain inline policy and group relation
- Assign users to the Database Group
- Create group called Developer (S3 and EC2 FullAccess)
- Assign users to the Developer Group
- Ask the status of the user without policy when you delete the group which has policy
- Click User>>>>> Select user---->>Security Credential--->> Console Password---> Click "Manage"--->>Set password >>>> Custom password
- Click User>>>>> Select user---->>Security Credential--->> Go Access keys ---> Deactivate---->> Delete --->>>Create new
- Create a role :
Trusted Entity : AWS services
Use case : EC2
Permission : S3FullAccess
Name : FirstRoleS3Full
-
Launch an Instance without role:
- AMI : Amazon Linux 2023
- Instance Type : t2.micro
- IAM role : "None"
- Security Group: : HTTP & SSH Allowed
- User data :
#!/bin/bash
yum update -y
yum install -y httpd
cd /var/www/html
aws s3 cp s3://osvaldo-pipeline-production/index.html .
aws s3 cp s3://osvaldo-pipeline-production/cat.jpg .
systemctl enable httpd
systemctl start httpd
-
Launch an Instance with FirstRoleS3Full role:
- AMI : Amazon Linux 2023
- Instance Type : t2.micro
- IAM role : FirstRoleS3Full
- Security Group: : HTTP & SSH Allowed
- User data :
#!/bin/bash
yum update -y
yum install -y httpd
cd /var/www/html
aws s3 cp s3://osvaldo-pipeline-production/index.html .
aws s3 cp s3://osvaldo-pipeline-production/cat.jpg .
systemctl enable httpd
systemctl start httpd
- Show that the instance without role wasn't able to access S3 bucket. So the web page couldn't fetch the index.html and cat.jpg file.