Lab 2‐3: IAM Console - seabar24/SYS-360 GitHub Wiki

AWS IAM

AWS Identity and Access Management (IAM) is essentially AWS's version of system administration for an account: it manages IAM Users, Groups, Roles, and the Permissions (policies) attached to them, which decide who can sign in and what they are allowed to do.

To get started with IAM, go to the AWS Management Console > Services and search for IAM.

This will take you to the IAM Dashboard, where you can manage your IAM Users and Groups.

Users and Groups

On the left panel, select Users and you will see the list of users in your IAM console. Select the user user-1.

Here, underneath the Summary, you can see the user's Permissions, Groups, and Security credentials tabs.

Go back to the dashboard and select User groups on the left panel. This takes you to the User groups page in IAM, where users can be placed into groups so that they receive the permissions associated with the group they are assigned to.

From here, select the group EC2-Admins; you will see that no users have been added to it (yet).

Next, switch over to the Permissions tab and you will see the policy attached to this User group. Clicking on the policy shows the JSON policy document itself. Every statement in it has Effect Allow, and all of the actions are read-only (Describe, List, Get) actions on EC2, Elastic Load Balancing, CloudWatch, and Auto Scaling, so a member of this group can look at resources but not change them.

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ec2:Describe*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "elasticloadbalancing:Describe*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "cloudwatch:ListMetrics",
                "cloudwatch:GetMetricStatistics",
                "cloudwatch:Describe*"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "autoscaling:Describe*",
            "Resource": "*"
        }
    ]
}
```

How to Add Users to a Group

To add a user, we'll go into the User group S3-Support.

From here, click Add users within the Users tab. Select the user you want to add and then click Add users.

Ignore the user-3 in the screenshot; I went back in and changed it to the user-1 user.

You should then be returned to the S3-Support User group page and see, under Users, that user-1 has been added.

Signing into a User

To sign in as a user, go to the IAM Dashboard. Scroll down to the AWS Account panel; within it is the Sign-in URL for IAM users in this account.

Copy this URL and open it in a private browser tab, so the test user's session is kept separate from the session you are already signed in with.

Signing in as each user shows the different permissions each one has, based on their User group assignment.

User-1

User-1 is able to see the S3-Bucket bucket.

But User-1 cannot see the Instances within EC2.

User-2

User-2 is able to see the EC2 Instances.

But User-2 cannot stop a running Instance.

And User-2 cannot see the S3-Bucket buckets.

User-3

User-3 is able to see the running EC2 Instances and to stop them.
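The three sign-in results above follow directly from how IAM resolves permissions: a user inherits the policies of every group they belong to, an action is allowed only if some statement matches it, and an explicit Deny beats any Allow. The script below is an added example, not part of the lab or of AWS's own code. It models that evaluation in simplified form (identity-based policies only, no conditions, no resource-level ARNs beyond wildcard matching). The EC2-Admins policy is copied from the page; the S3-Support policy, the EC2-Operators group, and the user-to-group assignments are constructed assumptions chosen to reproduce what the lab observed for user-1, user-2 and user-3.

```python
"""Simplified model of IAM group membership and policy evaluation.

All policies, groups and users below are constructed example data, not the
real contents of the lab account.
"""
import fnmatch

# Copied from the lab page: the Describe-only policy attached to EC2-Admins.
EC2_READ_ONLY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
        {"Effect": "Allow", "Action": "elasticloadbalancing:Describe*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["cloudwatch:ListMetrics",
                                       "cloudwatch:GetMetricStatistics",
                                       "cloudwatch:Describe*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "autoscaling:Describe*", "Resource": "*"},
    ],
}

# Assumed policy for S3-Support: the page shows its effect (user-1 sees the
# buckets) but not its JSON, so this is a constructed read-only S3 policy.
S3_READ_ONLY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:ListAllMyBuckets", "s3:ListBucket", "s3:GetObject"],
         "Resource": "*"},
    ],
}

# Hypothetical group that can also stop/start instances, to explain user-3.
EC2_STOP = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["ec2:StopInstances", "ec2:StartInstances"],
         "Resource": "*"},
    ],
}

# Constructed group -> policies and user -> groups tables. Only the
# EC2-Admins policy and the user/group names come from the page.
GROUP_POLICIES = {
    "S3-Support": [S3_READ_ONLY],
    "EC2-Admins": [EC2_READ_ONLY],
    "EC2-Operators": [EC2_STOP],      # hypothetical group
}
USER_GROUPS = {
    "user-1": ["S3-Support"],
    "user-2": ["EC2-Admins"],
    "user-3": ["EC2-Operators"],      # assumed assignment
}


def _as_list(value):
    """IAM lets Action/Resource be a single string or a list; normalise."""
    return value if isinstance(value, list) else [value]


def _matches(pattern, value):
    """IAM wildcard matching: '*' and '?' work as in IAM, case-insensitive."""
    return fnmatch.fnmatchcase(value.lower(), pattern.lower())


def statements_for(user, user_groups=USER_GROUPS, group_policies=GROUP_POLICIES):
    """Collect every statement the user inherits through group membership."""
    statements = []
    for group in user_groups.get(user, []):
        for policy in group_policies.get(group, []):
            statements.extend(policy["Statement"])
    return statements


def evaluate(statements, action, resource="*"):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request.

    Order of precedence mirrors IAM: an explicit Deny wins over any Allow,
    and with no matching statement at all the request is implicitly denied.
    """
    decision = "ImplicitDeny"
    for stmt in statements:
        if not any(_matches(p, action) for p in _as_list(stmt.get("Action", []))):
            continue
        if not any(_matches(r, resource) for r in _as_list(stmt.get("Resource", []))):
            continue
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny"
        decision = "Allow"
    return decision


def effective_permissions(user, actions):
    """Map each requested action to the decision this user would get."""
    stmts = statements_for(user)
    return {action: evaluate(stmts, action) for action in actions}


if __name__ == "__main__":
    checks = ["s3:ListAllMyBuckets", "ec2:DescribeInstances", "ec2:StopInstances"]
    for user in USER_GROUPS:
        print(user, effective_permissions(user, checks))
```

Running the script prints one line per user: user-1 gets Allow only for the S3 action, user-2 gets Allow for DescribeInstances but ImplicitDeny for StopInstances, and user-3 gets Allow for both EC2 actions, which is exactly the behaviour seen in the three sign-in tests. The useful habit this illustrates is to reason about a group's policy by the actions it names (Describe* versus Stop*) rather than by the group's name, since "EC2-Admins" here is in fact read-only.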