Skip to content

Latest commit

 

History

History
136 lines (85 loc) · 3.77 KB

README.md

File metadata and controls

136 lines (85 loc) · 3.77 KB
Raw

Hands-on IAM-01

Purpose of the this hands-on training is to give basic understanding of how to use IAM and IAM components.

Learning Outcomes

At the end of the this hands-on training, students will be able to;

  • understand root user and IAM user

  • create IAM user

  • explain the credentials

  • create a settings for IAM user

  • create a group

  • anatomy of the policy and attaching policy to identities.

  • make troubleshooting about credentials

  • create role and attach to EC2

Outline

  • Part 1 - Creating IAM user and arrange user settings

  • Part 2 - Creating Groups

  • Part 3 - Troubleshooting about credentials

  • Part 4 - Creating role and attaching to EC2

Part 1 - Creating IAM user and arrange user settings

  • Log in as a Root user. !!!! Please use "your individual root account."

  • Show the Dashboard of IAM

  • Show IAM users "sign-in link" and customize it as alias . Tell the student to write down the account alias.

  • Create IAM user with Administrator access for your daily work :

    • Explain that unless it is needed, students won't use root account anymore.
    • Explain policy Administrator access* policy and policy format

  • Click on newly created User---->>> Security Credentials show the credentials.

  • Create bill settings: Since we'll not use root account for daily work, we also need to check our billing from IAM user console .So we need to make some setting for this issue.

    • Right top of the page click your name ----> Select My account -->> IAM User and Role Access to Billing Information--->> Edit--->>

  • Sign Out and Sign in with newly created IAM user with "Clarusway IAM user".

  • Check the users and Billing services to be accessible or not.

Part 2 - Creating Groups and Users

Step 1 - Creating users of Database and Database Group

  • Create group called Database (RDS FullAccess)
  • Explain why we use group
  • Explain inline policy and group relation
  • Assign users to the Database Group

Step 2 Create users of Developer and Developer Group

  • Create group called Developer (S3 and EC2 FullAccess)
  • Assign users to the Developer Group
  • Ask the status of the user without policy when you delete the group which has policy

Part 3 - Troubleshooting about credentials

Step 1 - What if you forget the password

  • Click User>>>>> Select user---->>Security Credential--->> Console Password---> Click "Manage"--->>Set password >>>> Custom password

Step 2- What if you forgot your secret access keys key

  • Click User>>>>> Select user---->>Security Credential--->> Go Access keys ---> Deactivate---->> Delete --->>>Create new

Part 4 - Creating role and attaching to EC2

  • Create a role :
Trusted Entity : AWS services
Use case       : EC2
Permission     : S3FullAccess
Name           : FirstRoleS3Full

  • Launch an Instance without role:

    • AMI : Amazon Linux 2023
    • Instance Type : t2.micro
    • IAM role : "None"
    • Security Group: : HTTP & SSH Allowed
    • User data :
#!/bin/bash

yum update -y
yum install -y httpd
cd /var/www/html
aws s3 cp s3://osvaldo-pipeline-production/index.html .
aws s3 cp s3://osvaldo-pipeline-production/cat.jpg .
systemctl enable httpd
systemctl start httpd

  • Launch an Instance with FirstRoleS3Full role:

    • AMI : Amazon Linux 2023
    • Instance Type : t2.micro
    • IAM role : FirstRoleS3Full
    • Security Group: : HTTP & SSH Allowed
    • User data :
#!/bin/bash

yum update -y
yum install -y httpd
cd /var/www/html
aws s3 cp s3://osvaldo-pipeline-production/index.html .
aws s3 cp s3://osvaldo-pipeline-production/cat.jpg .
systemctl enable httpd
systemctl start httpd
  • Show that the instance without role wasn't able to access S3 bucket. So the web page couldn't fetch the index.html and cat.jpg file.