IAM Demonstration

  1. The demonstration starts on the Management Console.
  2. Click on Identity & Access Management on the Management Console.
  3. Briefly spend some time explaining the different options on the IAM Console’s Dashboard. Mention that you will later get back to the Dashboard.
  6. Click on Policies on the left-hand side of the screen. Click on Get Started and explain AWS Managed Policies to students.
  5. Next click on Create Policy then choose Select next to Policy Generator. Explain that by default, a user or role has no permissions.
  6. Choose Amazon S3 next to AWS Service.
  7. Select the CreateBucket and ListBucket check boxes. Explain what the options would do. In the ARN section explain the structure of an ARN (arn:aws:s3:::<bucket_name>/<key_name>). For the demonstration specifically enter * next to ARN. Click on Add Conditions (Optional) and explain different conditions that can be used. Click on Hide to close the Add Conditions (Optional) window.
  8. Click on Add Statement. Create another permission. Choose Amazon EC2 next to AWS Service. Select All Actions (*) under Actions. Choose * next to ARN and click on Add Statement. Select Next Step.
  9. On the Review Policy screen enter sampleEC2S3Policy as the policy name. Under Description enter Sample EC2 and S3 policy. Show students the generated JSON. Change s3:ListBucket to s3:List* in the policy. Explain that this would provide bucket creation and all S3 list-based access. Click Create Policy.
  10. Click on Users on the left of your screen. Select Create New Users and enter userec2admin in the first box and click on Create. Click on Show User Security Credentials. Show the students Access Key ID and Secret Access Key. Click on Close followed by Close.
  11. Click Users on the IAM screen, select userec2admin and click on Security Credentials. Then click on Manage Password and select Assign a custom password. Enter a password of your choice. You will log in using these credentials later. Click on Apply.
  12. Click on Manage MFA Device and explain hardware MFA device and virtual MFA device options. Explain the different options and click on Cancel.
  13. Explain to students that security management becomes harder the more users there are and that IAM Groups can help. On the Management Console select Identity & Access Management and select Groups.
  14. Click on Create New Group and enter DevGroup. Click on Next Step. Search for sampleEC2S3Policy and select the checkbox. Click on Next Step and then Create Group.
  15. Click on DevGroup and click on Add Users to Group. Select userec2admin and click on Add User.
  16. On the Management Console select Identity & Access Management and click on Roles.
  17. Click Create New Role. On the Set Role Name window enter AWSCLIAccess and click on Next Step. Tell students that if they want to securely administer their AWS environment from an EC2 instance using AWS, this option would help them. Explain that since the AWS CLI is running on an AWS EC2 instance, we choose the Select button next to Amazon EC2.
  18. Assuming the user would need access to create a bucket and list S3 buckets using AWS CLI, search for sampleEC2S3Policy on the Select Role Type screen. Select sampleEC2S3Policy and click on Next Step and Create Role.
  19. Click on the IAM Dashboard on the top left corner. Spend a few minutes explaining the available options.
  20. IAM users sign-in link – Explain that this option lets you create a customised sign-in link for IAM users to log in with. Click on Customize and enter a name of your choice in the Create Account Alias window. Click on Yes, Create. Copy the sign-in link.
  21. Ensure you use a new browser for the next step. Paste the link in the address bar and hit enter.
  22. On the new login screen enter userec2admin as the User Name and enter the password you selected earlier.
  23. Log out of the userec2admin account and go back to the other browser, where you are signed in as an IAM user with administrative access.
  24. On the Management Console select EC2. Create an Amazon Linux EC2 instance and make sure you select the AWSCLIAccess role under the IAM role option on the Step 3: Configure Instance Details screen. Explain how the user policy would work.
  25. After the EC2 instance is ready, log in to the instance.
  26. On the terminal, type aws configure and hit enter. Hit enter twice for AWS Access Key Id and AWS Secret Access Key. For Default region name enter ap-southeast-1 and hit enter. For Default output format hit enter.
  27. Create an S3 bucket. Enter aws s3 mb s3://bucketname. Ensure that you replace bucketname with a unique bucket name.
  28. Type aws s3 ls to list the newly created bucket.
  29. Finally, try to delete the bucket you created: aws s3 rb s3://bucketname. Ensure that you replace bucketname with the name of the bucket you created in step 27. Explain to students why this step fails: sampleEC2S3Policy grants s3:CreateBucket and s3:List* but nothing else for S3, so s3:DeleteBucket is implicitly denied.
  30. Exit the terminal and end the demo.
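To show students why step 27 and step 28 succeed while step 29 fails, here is an added example (not part of the original demo and not AWS's own evaluation engine) that checks the sampleEC2S3Policy built in steps 5 to 9 with a simplified IAM-style evaluator: default deny, explicit Deny wins, wildcard action matching. The policy JSON is reconstructed from the steps; the evaluator ignores Conditions and the example resource ARNs are made up.

```python
import fnmatch
import json

# sampleEC2S3Policy as built in steps 5-9 (reconstructed from the demo steps,
# after s3:ListBucket was changed to s3:List*).
SAMPLE_EC2_S3_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["s3:CreateBucket", "s3:List*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}
  ]
}
""")


def _as_list(value):
    """IAM accepts a string or a list for Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    """Case-insensitive IAM-style wildcard match ('*' and '?')."""
    return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in patterns)


def evaluate(policy, action, resource="arn:aws:s3:::example-bucket"):
    """Simplified identity-policy evaluation: start from implicit deny, an
    explicit Deny always wins, otherwise any matching Allow grants access.
    Condition blocks are not modelled (constructed teaching aid only)."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if not (_matches(actions, action) and _matches(resources, resource)):
            continue
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny"
        decision = "Allow"
    return decision


if __name__ == "__main__":
    # aws s3 mb -> s3:CreateBucket, aws s3 ls -> s3:ListAllMyBuckets,
    # aws s3 rb -> s3:DeleteBucket (the step-29 failure)
    for action in ["s3:CreateBucket", "s3:ListAllMyBuckets", "s3:ListBucket",
                   "s3:DeleteBucket", "ec2:RunInstances"]:
        print(f"{action:24s} -> {evaluate(SAMPLE_EC2_S3_POLICY, action)}")
```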

Continue reading articles in my Amazon Web Services series