
Task 6-Final

The document provides a detailed guide on using AWS Identity and Access Management (IAM) to create users, user groups, and manage permissions within Amazon Web Services. It includes step-by-step instructions for creating users, configuring permissions, and testing user access to various AWS services, including EC2 and S3. Additionally, it outlines the creation of user groups with specific permissions for EC2 and S3 access, demonstrating how to manage user roles effectively.

Uploaded by

abhiramdonupati

Task 6:

1. Introduction to Amazon Relational Database Service (RDS) - SQL Server
2. AWS Identity and Access Management (IAM) Task

AWS Identity and Access Management (IAM) is a web service that enables Amazon Web Services (AWS) customers to manage users and user permissions in AWS. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access.

Task 1: Creating Users

Step 1: Sign in to the AWS Management Console

1. Go to the AWS Management Console at [Link]
2. Sign in with your AWS account credentials.

Step 2: Navigate to the IAM (Identity and Access Management) Service

1. In the AWS Management Console, search for IAM in the search bar or find it under the Security, Identity, & Compliance category.
2. Click on IAM to open the IAM dashboard.

Step 3: Create a New User

1. In the IAM dashboard, click on Users in the left-hand menu.
2. Click on Create User.

Step 4: Configure the User Details

1. Enter the User name: User1
2. Under Select AWS access type, check AWS Management Console access.
   o For Console password, choose Custom password (create the password for User1 as User1@123).
3. Uncheck Require password reset, the option that forces the user to change their password upon first login, so that the password set above still works when you test the sign-in in Task 5. This is a lab convenience; for real accounts keep the reset enabled and do not use a predictable password.

Step 5: Set Permissions

1. Click Next: Permissions.
2. Choose the following option to set permissions for the user:
   o Attach existing policies directly: Select policies that define the permissions for the user.

Step 6: Review and Create the User

1. Click Next: Tags to add optional tags for the user.
2. Click Next: Review to review the user's details and permissions.
3. Click Create user to finalize the process.

Click on download .csv file.

Repeat the above steps to create User2 and User3.

Task 2: Create User Groups

(a) Create “EC2-Admin” User Group

Step 1: Navigate to the IAM (Identity and Access Management) Service

1. In the AWS Management Console, search for IAM in the search bar or find it under the Security, Identity, & Compliance category.
2. Click on IAM to open the IAM dashboard.

Step 2: Create a New User Group

1. In the IAM dashboard, click on User groups in the left-hand menu.
2. Click on Create group.

Step 3: Configure the Group Details

1. Enter EC2-Admin as the Group name.
2. Click Create group to create the group without attaching any policies at this step.

Step 4: Attach an Inline Policy to the Group

1. In the User groups list, click on the EC2-Admin group name.
2. Click on the Permissions tab.
3. Click Add permissions and then select Create inline policy.

Step 5: Define the Inline Policy

1. In the Create policy editor, switch to the JSON tab.
2. Paste the following policy JSON to allow view, start, and stop access to EC2 instances:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:DescribeImages",
        "ec2:DescribeVolumes",
        "ec2:DescribeTags",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeKeyPairs",
        "ec2:DescribeSnapshots"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:StartInstances",
        "ec2:StopInstances"
      ],
      "Resource": "arn:aws:ec2:*:*:instance/*"
    }
  ]
}

Step 7: Name and Attach the Policy

1. Enter a name for the policy, such as EC2-ViewStartStopAccess.
2. Click Create policy to attach it to the group.

Step 8: Add Users to the Group

1. In the EC2-Admin group page, click on the Users tab.
2. Click Add users.
3. Select User3 to add to this group.
4. Click Add users to finalize the process.
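
Added example, not part of the original document: a minimal offline evaluator that replays requests against the EC2-ViewStartStopAccess inline policy from Step 5, showing what a member of EC2-Admin (User3) can and cannot do. The instance ARN and account ID are constructed, and the evaluator covers only Effect, Action and Resource (no conditions, NotAction or other policy types), so it is a simplification of IAM's real evaluation logic.

```python
import fnmatch
import json

# Inline policy from Step 5 (EC2-ViewStartStopAccess), as given on the page.
EC2_ADMIN_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
  {"Effect": "Allow",
   "Action": ["ec2:DescribeInstances", "ec2:DescribeImages", "ec2:DescribeVolumes",
              "ec2:DescribeTags", "ec2:DescribeSecurityGroups",
              "ec2:DescribeKeyPairs", "ec2:DescribeSnapshots"],
   "Resource": "*"},
  {"Effect": "Allow",
   "Action": ["ec2:StartInstances", "ec2:StopInstances"],
   "Resource": "arn:aws:ec2:*:*:instance/*"}]}
""")

# Constructed sample ARN (placeholder region, account ID and instance ID).
INSTANCE = "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"

def _matches(patterns, value, ignore_case=False):
    """Wildcard match of value against one pattern or a list of patterns."""
    if isinstance(patterns, str):
        patterns = [patterns]
    if ignore_case:  # IAM action names are case-insensitive; ARNs are not
        value, patterns = value.lower(), [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)

def evaluate(policies, action, resource):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for a single request."""
    decision = "ImplicitDeny"  # default: denied unless some statement allows it
    for policy in policies:
        for stmt in policy["Statement"]:
            if _matches(stmt["Action"], action, True) and _matches(stmt["Resource"], resource):
                if stmt["Effect"] == "Deny":
                    return "ExplicitDeny"  # an explicit Deny overrides any Allow
                decision = "Allow"
    return decision

def user3_access_matrix():
    """Decisions for requests User3 (member of EC2-Admin) might make."""
    requests = [("ec2:DescribeInstances", "*"), ("ec2:StopInstances", INSTANCE),
                ("ec2:StartInstances", INSTANCE), ("ec2:TerminateInstances", INSTANCE),
                ("ec2:RunInstances", INSTANCE), ("s3:ListAllMyBuckets", "*")]
    return {a: evaluate([EC2_ADMIN_POLICY], a, r) for a, r in requests}

if __name__ == "__main__":
    for action, decision in user3_access_matrix().items():
        print(f"{action:24} {decision}")
```

Despite the group name, TerminateInstances and RunInstances fall through to the implicit deny, which matches the view, start and stop scope stated in Step 5.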

(b) Create “EC2-Support” User Group

Step 1: Navigate to the IAM Service

1. In the AWS Management Console, search for IAM in the search bar or find it under the Security, Identity, & Compliance category.
2. Click on IAM to open the IAM dashboard.

Step 2: Create a New User Group

1. In the IAM dashboard, click on Groups in the left-hand menu.
2. Click on Create New Group.

Step 3: Configure the Group Details

1. Enter EC2-Support as the Group Name.
2. Click Next Step to proceed.

Step 4: Attach a Policy to the Group

1. On the Attach Policy page, use the search bar to find the AmazonEC2ReadOnlyAccess policy.
2. Select the checkbox next to AmazonEC2ReadOnlyAccess.
3. Click Next Step to continue.

Step 5: Review and Create the Group

1. Review the group's name and attached policies.
2. Click Create Group to finalize the process.

Step 6: Add Users to the Group (Optional)

1. To add users, go to the Groups section, select EC2-Support, click on the Group Actions dropdown, and choose Add Users to Group.
2. Select User2 and click Add Users.

(c) Create “S3-Support” User Group

Step 1: Navigate to the IAM (Identity and Access Management) Service

1. In the AWS Management Console, search for IAM in the search bar or find it under the Security, Identity, & Compliance category.
2. Click on IAM to open the IAM dashboard.

Step 2: Create a New User Group

1. In the IAM dashboard, click on User groups in the left-hand menu.
2. Click on Create group.

Step 3: Configure the User Group Details

1. In the Group name field, enter S3-Support.
2. Click Next.

Step 4: Attach the S3 Read-only Access Policy

1. On the Attach policies page, search for AmazonS3ReadOnlyAccess.
2. Check the box next to the AmazonS3ReadOnlyAccess policy to grant the group read-only access to Amazon S3.
3. Click Next.

Step 5: Review and Create the Group

1. Review the group name and attached policy on the Review page.
2. Click Create group to finalize the process.

Step 6: Add Users to the Group (Optional)

1. In the User groups page, click on the S3-Support group you just created.
2. Click on the Users tab.
3. Click Add users.
4. Select User1 to add to this group, then click Add users.

Task 3: Create EC2 Instance named “MyServer” with Linux OS Image

Task 4: Create S3 bucket and add some files to bucket

Task 5: Sign-In and Test Users

1. In the navigation pane on the left, choose Dashboard.

● A Sign-in URL for IAM users in this account link is displayed on the right. It will look similar to: [Link]
● This link can be used to sign in to the AWS account you are currently using.
● Copy the Sign-in URL for IAM users in this account to a text editor.

2. Open a private (Incognito) window.

● Choose the ellipsis at the top-right of the screen.
● Select New Incognito Window.

3. Paste the IAM users sign-in link into the address bar of your private browser session and press Enter.

● Sign in with:
   o IAM user name: User1
   o Password: User1@123

4. In the search box to the right of Services, search for and choose S3 to open the S3 console.

● Choose the name of the bucket that exists in the account and browse the contents.
● Because User1 is part of the S3-Support group in IAM, they have permission to view a list of Amazon S3 buckets and the contents.

Now, test whether they have access to Amazon EC2.

5. In the search box to the right of Services, search for and choose EC2 to open the EC2 console.

● In the left navigation pane, choose Instances.
● You cannot see any instances. Instead, you see a message that states You are not authorized to perform this operation. This is because this user has not been granted any permissions to access Amazon EC2.

6. At the top of the screen, choose User1.

● Choose Sign Out.
7. Now sign in as User2, who has been hired as your Amazon EC2 support person.

● Paste the IAM users sign-in link into your private browser tab's address bar and press Enter.
● Sign in with:
   o IAM user name: User2
   o Password: User2@123

8. In the search box to the right of Services, search for and choose EC2 to open the EC2 console.

● In the navigation pane on the left, choose Instances.
● You are now able to see an Amazon EC2 instance “MyServer” because you have read-only permissions.
● However, you will not be able to make any changes to Amazon EC2 resources.

9. Select the instance named “MyServer”.

● In the Instance state menu above, select Stop instance.
● In the Stop Instance window, select Stop.
● You will receive an error stating You are not authorized to perform this operation. This demonstrates that the policy only allows you to view information, without making changes.
● Choose the X to close the Failed to stop the instance message.

10. Next, check if User2 can access Amazon S3.

● In the search box to the right of Services, search for and choose S3 to open the S3 console.
● You will see the message “You don't have permissions to list buckets” because User2 does not have permission to access Amazon S3.
● At the top of the screen, choose User2.
● Choose Sign Out.

11. You will now sign in as User3, who has been hired as your Amazon EC2 administrator.

● Sign in with:
   o IAM user name: User3
   o Password: User3@123

12. In the search box to the right of Services, search for and choose EC2 to open the EC2 console.

● In the navigation pane on the left, choose Instances.
● As an EC2 Administrator, you should now have permissions to Stop the Amazon EC2 instance.

13. Select the instance named “MyServer”.

● In the Instance state menu, choose Stop instance.
● In the Stop instance window, choose Stop.
● The instance will enter the stopping state and will shut down.
