Managing Users in AWS/Azure
- Overview
- AWS Can be accessed using
- browser (Console) Refer Here for the url
- CLI (Programmatic Access)
- SDK (Python, Dotnet, Java ..) (Programmatic Access)
- Azure can be acecss using
- browser (Portal) Refer Here
- CLI
- SDK
AWS Account
- For our learning purposes, we create a free tier accounts, Enterprises create accounts and manage them under AWS Organizations.
- Every AWS Account will have a unique account id and an account alias can be created
- Users:
- Root User:
- This is the user who has created the account and will have super admin permissions.
- They can directly login using their credentials in AWS Console
- IAM Users:
- They generally represent AWS Users and they should have less privileges according to their roles.
- They login by providing account id or alias
- Root User:
AWS – Identity And Access Management (IAM)
- IAM is a service of AWS which is used for user management and acess Management
Activity 1: Create a user without any policy and access aws
- Login as a root user into your AWS Account
- Navigate to IAM
- Ensure you have noted (Account Id/Alias) and perform the following steps
- Now navigate to AWS console via the url in a different browser & Enter credentials
- Now navigate to any service (ec2)
Introducing IAM Policies
- AWS IAM Policy provides access to resources
- AWS has lot of predefined IAM Policies (Managed Policies) and also gives us the option to create custom policies
- Refer Here for docs
Activity 2:
- User2 is hired as AWS Admin, find a suitable policy
- User 1 is hired as developer, he needs permission only on s3 buckets
Exercise
- Remove the policies for two users
- Now create a dev group and admin group
- dev group give S3 Full Access and admin group give Administrator access
- Add user1 to dev and user2 to admin group
- Verify the access which user1 and user 2 have recieved
