← Back to Labs
Fundamental00:30:00

Introduction to AWS Identity Access Management (IAM)

Task 1Task 2Task 3Task 4
Task 1

Task 1: Sign in to the AWS Management Console

↑ Top
  1. Click on the Open Console button, and you will get redirected to AWS Console in a new browser tab.
  2. On the AWS sign-in page,
  3. Leave the Account ID as default. Never edit/remove the 12-digit Account ID present in the AWS Console. Otherwise, you cannot proceed with the lab.
  4. Now copy your Username and Password in the Lab Console to the IAM Username and Password in the AWS Console and click on the Sign-in button.
  5. Once Signed In to the AWS Management Console, make the default AWS Region as US East (N. Virginia) us-east-1.
Task 2

Task 2: Create IAM Users

↑ Top
  1. In this task, we are going to create new IAM users by providing the name, password access, permissions, and tags. These users will be added to their respective groups in the next task.
  2. Click on Services and select IAM under the Security, Identity, & Compliance section.
  3. In the IAM dashboard, select the IAM Users option in the left panel and click on the Create User button to create a new IAM user.
  4. In the Add User page, fill in the User Details section as follows:
  5. User name: Enter John (or the desired name for the user)
  6. Check the Provide user access to the AWS Management Console - optional checkbox
  7. Select Custom password under Console Password and Enter lab@123 (or the desired password for the user)
  8. Uncheck the Users must create a new password at the next sign-in (recommended) checkbox.
  9. Click on the Next button.
  10. In the Set permissions section, keep things as default. Click on the Next button.
  11. Scroll down and Under Tags, Click on the Add new tag button:
  12. Key: Enter Dev-Team
  13. Value: Enter Developers
  14. Click on the Create User button
  15. Note: Ignore the above error if it appears while creating Users and click on Close.
  16. Click on the Return to users list button and then on the Continue button.
  17. Repeat the same steps and tags for the IAM user by the name Sarah.
  18. Repeat the steps to create IAM users by the name Ted and Rita with the following details,
  19. Custom password: lab@123
  20. Key: HR-Team
  21. Value: HR
  22. We have created 4 IAM users.
Task 3

Task 3: Create IAM Groups and add IAM Users

↑ Top
  1. In this task, we are going to create new IAM groups and will add the users to their respective groups. Moreover, we will be adding permissions to the group so that users within the group have access to the services allocated to them using the permission policies.
  2. Select the IAM User groups in the left panel and click on the Create group
  3. Set Group Name:
  4. User group name: Enter Dev-Team
  5. Scroll down and select John and Sarah under Add Users to the group.
  6. Scroll down to the Attach permissions Policies section and search for AmazonEC2ReadOnlyAccess and AmazonS3ReadOnlyAccess policies. These policies provide read access for EC2 and S3 to the added users in the group.
  7. Note: Do not add other policies than the ones mentioned above. You will get an error while creating a group
  8. Review all details and click on the Create group button.
  9. Repeat the same steps to create an HR-Team group.
  10. Click on the Create group
  11. User group name: HR-Team
  12. Scroll down and select Ted and Rita under Add Users to the group.
  13. Under Attach permissions Policies, select the Billing policy.
  14. Note: Do not add other policies than the ones mentioned above. You will get an error while creating a group
  15. Review all details and click on the Create group button.
  16. Do You Know?
  17. In 2021, AWS IAM introduced a new feature called Access Analyzer, which uses automated reasoning to help identify the resources that an IAM policy allows or denies access to. This can be useful for identifying unintended access and for auditing IAM policies to ensure they conform to security best practices. Access Analyzer also provides recommendations for how to modify policies to remove unintended access, making it easier to maintain a secure AWS environment
Task 4

Task 4: Validation Test

↑ Top
  1. Once the lab steps are completed, please click the Lab Validation button on the left side panel. Click Validate My Lab on the Lab Validation tab.
  2. This will validate the resources in the AWS account and display whether you have completed this lab successfully or not.
  3. Sample output :
  4. Completion and Conclusion
  5. In this lab, you created 4 IAM users & 2 IAM groups. At the time of the IAM groups creation, you attached the required IAM policies, added John and Sarah to the Dev Team group, and added Ted and Rita to the HR Team group.
  6. You have learned how to create IAM users and groups.
  7. You have learned how to add users to the respected IAM groups.
  8. You have learned how to attach a policy while creating the IAM groups.
  9. You have learned how to allow a specific user/group to access services and resources in your AWS account.
  10. You have successfully validated the lab.
  11. End Lab
  12. Sign out of AWS Account.
  13. You have successfully completed the lab.
  14. Once you have completed the steps click on End Lab from the lab console.
← Back to Labs