Identity and Access Management (Contd.)
Scenario 1: Create 3 users and add them to a group
- Create a dev user group
- Create 3 users
  - devuser1
  - devuser2
  - devuser3
- We have created a group and 3 users with no permissions
- Let's log in as one user and check the home page
- Add these users to the dev user group.
- Group and user relation
  - If we apply a permission to the group, it is inherited by the users in the group.
- For the DevGroup, let's give EC2 full access (AWS built-in policy)
Scenario 2: Add 2 users to a group
- Create two users, testuser1 and testuser2, with no permissions
- Log in as testuser1 and check the EC2 home page
- Now create a test user group
- Add the two users to the test user group
- Attach the EC2 read-only policy (AWS built-in) to the group and verify whether it is working
NOTE:
- AWS policy conflicts: if there is a conflict between ALLOW and DENY permissions, ALLOW always loses and DENY wins.
- If a policy does not mention a specific service, access to it is denied by default.
- In AWS, what access needs to be given is mandated by policies.
- A policy is a JSON document
- Exercise: JSON and YAML tutorial
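
The evaluation rules in the NOTE above, as an added example that is not part of the original notes: a simplified Python model that looks only at `Effect` and `Action` in identity-based policies (it ignores `Resource`, `Condition` and other policy types). Both policy documents and the names `GROUP_POLICY`, `GUARDRAIL_POLICY` and `evaluate` are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample policies (not copies of any AWS managed policy).
GROUP_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]
}""")
# Hypothetical second policy attached alongside the group policy.
GUARDRAIL_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": {"Effect": "Deny", "Resource": "*",
                "Action": ["ec2:TerminateInstances", "ec2:Delete*"]}
}""")

def _as_list(value):
    """Policy JSON allows a single item or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]

def _matches(statement, action):
    """True if the action matches any Action pattern (case-insensitive, * and ? wildcards)."""
    return any(fnmatchcase(action.lower(), pattern.lower())
               for pattern in _as_list(statement.get("Action", [])))

def evaluate(policies, action):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one requested action."""
    allowed = False
    for policy in policies:
        for statement in _as_list(policy.get("Statement", [])):
            if not _matches(statement, action):
                continue
            if statement.get("Effect") == "Deny":
                return "ExplicitDeny"  # a matching Deny ends evaluation: DENY wins
            if statement.get("Effect") == "Allow":
                allowed = True         # remember the Allow, keep looking for a Deny
    return "Allow" if allowed else "ImplicitDeny"  # nothing matched: denied by default

if __name__ == "__main__":
    attached = [GROUP_POLICY, GUARDRAIL_POLICY]
    for requested in ("ec2:RunInstances", "ec2:TerminateInstances", "s3:ListAllMyBuckets"):
        print(f"{requested:26} -> {evaluate(attached, requested)}")
```

The result does not depend on the order in which the policies are listed: a matching Deny in any attached policy overrides every Allow.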