Wilklins Nyatteng for AWS Community Builders

Hands-On-Lab: Introduction To IAM

Thriving at the intersection of knowledge and opportunity, I recently embarked on a hands-on learning journey that showcased the power of collaboration and knowledge sharing within the AWS community. As a proud AWS Community Builder, I have the privilege of accessing Cloud Academy's invaluable resources, generously provided by AWS. Guided by a passion for innovation and a commitment to elevating my expertise, I delved into a comprehensive lab focused on AWS Identity and Access Management (IAM). Through Cloud Academy's meticulously crafted lab, I honed skills in creating IAM groups, generating user accounts, and orchestrating secure access management – skills that are pivotal in safeguarding digital landscapes in today's dynamic cloud environment.

Lab description

AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources for your users. The service is targeted at organizations with multiple users or systems that use AWS products such as Amazon EC2, Amazon RDS, and the AWS Management Console. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access.

During this lab experience, you will learn how to create IAM users and groups with specific policies.

Learning Objectives

Upon completion of this lab you will be able to:

  • Create IAM groups
  • Create IAM users
  • Use IAM credentials to log in as created users

Create IAM groups

Introduction

AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources for your users. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.

Instructions

  1. In the AWS Management Console search bar, enter IAM, and click the IAM result under Services.
  2. From the IAM dashboard, click the User groups link in the sidebar menu.
  3. Click the blue Create Group button to create a new IAM group.
  4. In the User group name field, enter DevOps as the name of the group.
  5. Skip down to the Attach permissions policies section, enter AmazonEC2ReadOnlyAccess into the search bar, and select the resulting policy: AmazonEC2ReadOnlyAccess.
  6. Click Create Group.

The Groups page now lists the new group, and you are able to assign the DevOps group to any available user.

Summary

In this lab step, you used the IAM Management console to create an IAM group.

Now we move on to the second phase of the lab.

*Creating an IAM User*

Introduction

AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources for your users. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.

Instructions

  1. From the Identity & Access Management console, click Users in the sidebar menu.
  2. Click Add users to begin creating a new user.
  3. Enter the following values in the form:
  • User name: John (the name is case sensitive)
  • Provide user access to the AWS Management Console: Checked
  • Console password: Autogenerated password
  • Users must create a new password at next sign-in: Unchecked
  4. Click Next.
  5. Under User groups, select the DevOps group. This adds the user to the group.
  6. Click Next.
  7. Review the configuration and click Create user.
  8. Click Download .csv file.
  9. Click Return to users list to see the newly created user.

Summary

In this lab step, you used the IAM Management console to create an IAM user and attach it to an IAM group.
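The same two procedures expressed as IAM API calls, as an added example that is not part of the lab or of Cloud Academy's material. The plan builder makes no network calls; only provision() needs boto3 installed and credentials that may administer IAM configured in the environment (both assumptions). The names DevOps, John and AmazonEC2ReadOnlyAccess are the lab's own; generate_temp_password is a stand-in for the console's autogenerated password, and password_reset_required defaults to the lab's unchecked setting.

```python
# Added example, not the lab's own code: the console steps above as IAM API calls.
# Assumptions: boto3 is installed and IAM-administrator credentials are configured
# when provision() runs; build_lab_plan() itself works offline.
import secrets

EC2_READ_ONLY_ARN = "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess"


def generate_temp_password(length: int = 20) -> str:
    """Stand-in for the console's 'Autogenerated password' option.

    Assumption: the account's password policy accepts letters, digits, '-' and '_'
    (the default policy does); adjust if yours demands other symbol classes.
    """
    return secrets.token_urlsafe(length)


def build_lab_plan(group_name="DevOps", user_name="John",
                   policy_arn=EC2_READ_ONLY_ARN, password=None,
                   password_reset_required=False):
    """Ordered (iam_client_method, kwargs) pairs mirroring the lab's steps.

    The lab left 'Users must create a new password at next sign-in' unchecked;
    pass password_reset_required=True to make John replace the CSV password on
    first login instead of keeping the one that was written to disk.
    """
    password = password or generate_temp_password()
    return [
        # Create IAM groups, steps 4-6: the DevOps group, with the managed policy
        # attached to the group (every member inherits it) rather than to the user.
        ("create_group", {"GroupName": group_name}),
        ("attach_group_policy", {"GroupName": group_name, "PolicyArn": policy_arn}),
        # Creating an IAM User, step 3: the user record itself ...
        ("create_user", {"UserName": user_name}),
        # ... and 'Provide user access to the AWS Management Console' with a password.
        ("create_login_profile", {"UserName": user_name, "Password": password,
                                  "PasswordResetRequired": password_reset_required}),
        # Step 5: put John in DevOps, which is where all of his permissions come from.
        ("add_user_to_group", {"GroupName": group_name, "UserName": user_name}),
    ]


def provision(plan):
    """Run the plan against a real account; boto3 is imported here so the planner stays offline."""
    import boto3  # assumption: installed and configured with IAM-administrator credentials
    iam = boto3.client("iam")
    return [getattr(iam, method)(**kwargs) for method, kwargs in plan]


if __name__ == "__main__":
    # Dry run: print the calls that would be made, masking the password.
    for method, kwargs in build_lab_plan():
        shown = {k: ("***" if k == "Password" else v) for k, v in kwargs.items()}
        print(f"iam.{method}({shown})")
```

Running the module prints the plan without touching AWS; call provision(build_lab_plan()) to apply it. Note that, exactly as in the console flow, the only permission grant is the attach_group_policy call on the group.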

*Logging in using the new IAM credentials*

Introduction

After you have created IAM users and created passwords for them, users can sign in to the AWS Management Console by using a special URL, which has this format: https://AWS-account-ID.signin.aws.amazon.com/console. In this lab step, you will use a similar sign-in link to log in as the newly created IAM user.

Instructions

  1. Click John on the IAM Users page.
  2. Click Security credentials and then navigate to the Console sign-in link listed in the tab.
  3. Use the credentials in the CSV file you downloaded to log in as John. The downloaded CSV file holds the user name and the autogenerated password. In the sign-in form, enter:

Username: John

Password: the password from the CSV file you downloaded earlier

  4. From the AWS Management Console, click Services at the top of the page and type S3 into the text box. Select the S3 option.
  5. Notice that, due to the restrictive permissions you placed on the IAM user "John", the buttons are greyed out.

Summary

In this lab step, you logged in as your newly-created IAM user. You also confirmed that your restrictive IAM permissions worked and that your new user didn't have access to unnecessary AWS resources.
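Why the S3 buttons are greyed out, as an added example that is not part of the lab: IAM evaluates every request starting from an implicit deny, an action is allowed only if an attached statement explicitly allows it, and an explicit deny overrides any allow. The evaluate function below is a deliberately minimal sketch of that rule (Action and Effect only; no NotAction, resources or conditions), not IAM's engine. SIMPLIFIED_EC2_READ_ONLY is a constructed stand-in that models only the ec2:Describe* allow of AmazonEC2ReadOnlyAccess, not the managed policy's full text. signin_url builds the link in the format quoted above, and simulate_live asks the real IAM policy simulator the same question (assumes boto3 and credentials).

```python
# Added example, not the lab's own code: the lab's "buttons are greyed out" check
# reproduced offline as IAM's default-deny rule, plus the live equivalent.
from fnmatch import fnmatchcase

# Constructed stand-in: only the ec2:Describe* allow of AmazonEC2ReadOnlyAccess is modelled.
SIMPLIFIED_EC2_READ_ONLY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
    ],
}


def signin_url(account_id: str) -> str:
    """Console sign-in link in the format the lab quotes."""
    return f"https://{account_id}.signin.aws.amazon.com/console"


def _as_list(value):
    return value if isinstance(value, list) else [value]


def evaluate(policies, action: str) -> str:
    """Return 'allowed', 'explicitDeny' or 'implicitDeny' for one action.

    Sketch of IAM's rule, not its engine: start from implicit deny, flip to
    allowed on a matching Allow, and let any matching Deny win outright.
    Action names match case-insensitively with IAM-style '*' wildcards.
    """
    decision = "implicitDeny"
    for policy in policies:
        for stmt in policy["Statement"]:
            patterns = _as_list(stmt.get("Action", []))
            if any(fnmatchcase(action.lower(), p.lower()) for p in patterns):
                if stmt["Effect"] == "Deny":
                    return "explicitDeny"
                decision = "allowed"
    return decision


def lab_check():
    """The check John performed by opening the S3 console, plus an EC2 write for contrast."""
    attached = [SIMPLIFIED_EC2_READ_ONLY]  # John's only permissions come via the DevOps group
    return {
        "ec2:DescribeInstances": evaluate(attached, "ec2:DescribeInstances"),
        "ec2:RunInstances": evaluate(attached, "ec2:RunInstances"),
        "s3:ListAllMyBuckets": evaluate(attached, "s3:ListAllMyBuckets"),
    }


def simulate_live(user_arn: str, actions):
    """Ask IAM itself via SimulatePrincipalPolicy (assumes boto3 and credentials)."""
    import boto3
    iam = boto3.client("iam")
    resp = iam.simulate_principal_policy(PolicySourceArn=user_arn, ActionNames=list(actions))
    return {r["EvalActionName"]: r["EvalDecision"] for r in resp["EvaluationResults"]}


if __name__ == "__main__":
    print(signin_url("<your-account-id>"))
    for action, decision in lab_check().items():
        print(f"{action:24s} {decision}")
```

The offline result matches what the lab observed: only the EC2 describe call is allowed, and the S3 listing is denied not by any Deny statement but because nothing grants it. simulate_live("arn:aws:iam::<your-account-id>:user/John", ["s3:ListAllMyBuckets"]) returns the same "implicitDeny" label from the real account, which is a cheaper way to confirm least privilege than logging in and looking for greyed-out buttons.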

Conclusion

This hands-on lab has provided a comprehensive introduction to AWS Identity and Access Management (IAM), a crucial component in ensuring the security and controlled access to AWS services and resources. Throughout the lab, we've covered essential tasks such as creating IAM groups, generating IAM users, and logging in with new IAM credentials. By mastering these steps, you've gained valuable insights into how IAM empowers organizations to manage user access effectively, enhance security protocols, and enforce permissions to protect sensitive data.

By creating IAM groups, you learned how to consolidate permissions and apply them collectively to multiple users, streamlining the management of access rights across your AWS environment. The process of crafting IAM users, as demonstrated, showcases the flexibility IAM offers in tailoring individual access to resources while maintaining security best practices. Through the hands-on exercise of logging in with newly created IAM credentials, you've witnessed firsthand the practical implementation of IAM security measures and the tangible impact of permission controls on user interactions with AWS resources.

As you move forward, this foundational knowledge of IAM will be instrumental in orchestrating secure and efficient user access management within your AWS infrastructure. By continuing to explore and deepen your understanding of IAM's capabilities, you'll be well-equipped to contribute to robust security practices, compliance efforts, and overall operational excellence within your organization's cloud environment.

Remember, IAM serves as a cornerstone for ensuring the principle of least privilege, fostering a culture of security-first mindset in every aspect of AWS resource interaction. As you continue your learning journey, feel empowered to dive further into IAM's advanced features and explore its integration with other AWS services, thereby strengthening your expertise in safeguarding digital assets and contributing to the broader realm of cybersecurity.

Congratulations on completing this hands-on lab, and I encourage you to build upon this foundation as you navigate the dynamic landscape of cloud security. Your newfound proficiency in IAM will undoubtedly play a pivotal role in shaping secure, scalable, and efficient cloud practices in the future.

Comments

Bira

This is a great post that provides a comprehensive introduction to AWS Identity and Access Management (IAM). The author does a great job of explaining the essential tasks of IAM, such as creating IAM groups, generating IAM users, and logging in with new IAM credentials. The post also provides valuable insights into how IAM can be used to manage user access effectively, enhance security protocols, and enforce permissions to protect sensitive data.