Welcome to Chronicles. Let's learn about AWS Identity and Access Management (IAM) roles and Multi-Factor Authentication (MFA) usage, starting with the users, groups and policies on which both are built.
Description
AWS IAM is the service through which AWS customers manage identities and their permissions. It matters for any organization with more than one user or system in the cloud, because it centralizes the management of users, their security credentials, and the policies that decide which AWS resources each identity may access.
The main objectives of IAM are to control access to AWS services securely, to define and attach policies that give different users different permissions, and to support several credential types: passwords for console sign-in, access keys for programmatic (CLI/API) access, and MFA devices as a second factor on top of either.
Let's perform the following tasks to see how IAM users, groups and policies fit together.
Task 1: Explore Users and Groups
In this task, you will explore the Users and Groups that have already been created for you in IAM.
- In the AWS Management Console, on the Services menu, select IAM.
- In the navigation pane on the left, choose Users.
- Choose user-1.
- Notice that user-1 has no permissions policies attached. IAM denies every request by default, so this user cannot do anything until a policy (attached directly or through a group) grants it permission.
- Choose the Groups tab. user-1 is not a member of any group yet.
- Choose the Security credentials tab. This is where the user's console password, access keys and any assigned MFA device are managed.
- In the navigation pane on the left, choose User groups.
- Choose the EC2-Support group.
- Choose the Permissions tab.
- Choose the plus (+) icon next to the AmazonEC2ReadOnlyAccess policy to view the policy details.
This AWS managed policy grants read-only (Describe) permissions for Amazon EC2 and related services.
- Choose the minus (-) icon to hide the policy details.
- In the navigation pane on the left, choose User groups.
- Choose the S3-Support group and then choose the Permissions tab.
The S3-Support group has the AmazonS3ReadOnlyAccess policy attached.
- Choose the plus (+) icon to view the policy details.
This policy grants permissions to Get and List resources in Amazon S3; it grants no permission to create, modify or delete anything.
- Choose the minus (-) icon to hide the policy details.
- In the navigation pane on the left, choose User groups.
- Choose the EC2-Admin group and then choose the Permissions tab.
This group is slightly different from the other two. Instead of a managed policy, it has an inline policy, which is a policy embedded in a single user, group or role rather than shared between several identities. Inline policies are typically used for one-off permissions; a managed policy is easier to reuse, version and audit.
- Choose the plus (+) icon to view the policy details.
This policy grants permission to view (Describe) information about Amazon EC2 and the ability to Start and Stop instances. Anything not listed, such as terminating an instance, remains implicitly denied.
- Choose the minus (-) icon to hide the policy details.
Task 2: Add Users to Groups
You have recently hired user-1 into a role where they will provide support for Amazon S3. You will add them to the S3-Support group so that they inherit the necessary permissions through the attached AmazonS3ReadOnlyAccess policy. You can ignore any "not authorised" errors that appear during this task. They are caused by your lab account having limited permissions and will not prevent you from completing the lab.
- In the navigation pane on the left, choose User groups.
- Choose the S3-Support group.
- Choose the Users tab.
- Choose Add users, select the check box next to user-1, and choose Add users.
- Verify the change: in the Users tab you should now see user-1 listed as a member of the group.
Group membership, not the user object, now carries the permissions. If user-1 later moves to a different support role, you remove them from S3-Support and add them to the new group instead of editing policies on the user.
Task 3: IAM Sign-in and EC2 Access
- In the navigation pane on the left, choose Dashboard and copy the sign-in URL for IAM users in this account.
- Paste the URL into a private (incognito) browser window, so that the new session is separate from the one you are already signed in to, and sign in with the IAM user name user-3 and the password Lab-Password3.
- In the Services menu, choose EC2 and then choose Instances.
- Confirm the EC2 Administrator permissions by selecting an instance and stopping it (Instance state, then Stop instance). The request succeeds because user-3 belongs to the EC2-Admin group, whose inline policy allows stopping instances. Had you signed in as user-1 instead, the same action would fail with an authorization error, because AmazonS3ReadOnlyAccess grants nothing in EC2.
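As an added example (not part of the original lab, and not AWS code), the following Python models the three groups from Task 1, the group membership change from Task 2, and the permission check behind Task 3, using a minimal evaluator that applies IAM's evaluation order: an explicit Deny wins, otherwise at least one Allow is required, otherwise the request is implicitly denied. The policy documents are simplified, constructed stand-ins for the real AWS policies (the actual AmazonEC2ReadOnlyAccess and AmazonS3ReadOnlyAccess JSON covers more actions), and the user-to-group mapping for user-3 is assumed from the lab's tasks.

```python
"""Toy IAM policy evaluator (added example, not part of the lab or AWS).

Models the lab's three groups, the Task 2 membership change and the
Task 3 permission check without touching AWS. Policy documents are
simplified, constructed stand-ins for the real AWS policies.
"""
from fnmatch import fnmatchcase

# Simplified stand-ins for the two AWS managed policies (assumption:
# the real documents also cover e.g. ELB and CloudWatch Describe* actions).
AMAZON_EC2_READONLY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["ec2:Describe*"], "Resource": "*"}],
}
AMAZON_S3_READONLY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}],
}
# Inline policy embedded in EC2-Admin, written from the lab's description:
# Describe anything in EC2, plus start and stop instances. Nothing else.
EC2_ADMIN_INLINE = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["ec2:Describe*", "ec2:StartInstances", "ec2:StopInstances"],
        "Resource": "*",
    }],
}

GROUP_POLICIES = {
    "EC2-Support": [AMAZON_EC2_READONLY],
    "S3-Support": [AMAZON_S3_READONLY],
    "EC2-Admin": [EC2_ADMIN_INLINE],
}

# Constructed starting state: user-1 has no groups (Task 1); user-3 is the
# EC2 administrator used in Task 3 (membership assumed from the lab).
USER_GROUPS = {"user-1": [], "user-3": ["EC2-Admin"]}


def _as_list(value):
    """IAM accepts a single string or a list in Action/Resource fields."""
    return value if isinstance(value, list) else [value]


def add_user_to_group(user, group):
    """Task 2: only membership changes; no policy document is edited."""
    if group not in GROUP_POLICIES:
        raise KeyError(f"unknown group {group}")
    USER_GROUPS.setdefault(user, [])
    if group not in USER_GROUPS[user]:
        USER_GROUPS[user].append(group)


def is_allowed(user, action, resource="*"):
    """Evaluate `action` on `resource` for `user` across all group policies.

    Same order as IAM: an explicit Deny in any matching statement wins;
    otherwise at least one matching Allow is required; otherwise the request
    is implicitly denied. Action matching is case-insensitive and honours
    the '*' wildcard, as in real IAM policies.
    """
    allowed = False
    for group in USER_GROUPS.get(user, []):
        for policy in GROUP_POLICIES[group]:
            for stmt in policy["Statement"]:
                action_hit = any(fnmatchcase(action.lower(), p.lower())
                                 for p in _as_list(stmt.get("Action", [])))
                resource_hit = any(fnmatchcase(resource, r)
                                   for r in _as_list(stmt.get("Resource", [])))
                if not (action_hit and resource_hit):
                    continue
                if stmt["Effect"] == "Deny":
                    return False      # explicit deny always wins
                allowed = True        # keep scanning in case a Deny follows
    return allowed


if __name__ == "__main__":
    # Task 1: a user with no groups and no policies can do nothing.
    print("user-1 s3:ListBucket before Task 2:", is_allowed("user-1", "s3:ListBucket"))
    # Task 2: add user-1 to S3-Support.
    add_user_to_group("user-1", "S3-Support")
    print("user-1 s3:GetObject after Task 2:  ",
          is_allowed("user-1", "s3:GetObject", "arn:aws:s3:::lab-bucket/report.csv"))
    print("user-1 s3:PutObject:               ", is_allowed("user-1", "s3:PutObject"))
    # Task 3: user-3 can stop an instance but not terminate one.
    print("user-3 ec2:StopInstances:          ", is_allowed("user-3", "ec2:StopInstances"))
    print("user-3 ec2:TerminateInstances:     ", is_allowed("user-3", "ec2:TerminateInstances"))
```

Run it as a script to see the five decisions printed. The evaluator deliberately keeps scanning after a matching Allow, because a later explicit Deny must still override it; that ordering, rather than the particular policies, is what determines whether the Stop in Task 3 succeeds.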
Congratulations! You have successfully completed all three tasks.