IAM
AWS
Adding users
- AWS User Access Categories:
  - Console Access:
    - Browser-based access
  - Programmatic Access:
    - Access for CLI/SDKs
- AWS User Categories
  - Root User: The user who created the account; it has full access to AWS.
  - User: Users created in the account, which generally have restricted access.
Console Based Access To the new user
Create a user and log in as that user
- In AWS, to log in as a non-root user we need the account id/alias, username and password
- Account id
- Sign-in URL
  https://<Account-id or alias>.signin.aws.amazon.com/console
- Creating a user without any permissions
- Now let's sign in

Let's add programmatic access to the same user for use from the AWS CLI
- As a root user, navigate to IAM and select Users

- Now let's configure the AWS CLI to use these credentials
aws configure

- Let's execute a simple CLI command to get all VPCs in the Mumbai region
aws ec2 describe-vpcs


- The secret access key cannot be viewed once created; it can be regenerated
IAM Policy: Permissions to AWS IAM Users
- An IAM policy gives authorization to users
- AWS provides managed policies (predefined policies), which generally operate at the service level
  - Administrator
  - EC2 Full Access
  - EC2 Read only
  - S3 Full Access
  - S3 Read only
  - …
- Now let's assign EC2 read-only access and get the VPC for user 1
- Now let's try creating/deleting a VPC

- Let's give EC2 full access and try creating/deleting a VPC (watch the classroom recording)
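
The no-policy, read-only and full-access steps above can be replayed offline with a simplified policy evaluator. This is an added example, not part of the original notes and not AWS's own evaluation code; the policy documents, the ARN and all function names are constructed for illustration, and they are not copies of the managed policies. It ignores conditions, permission boundaries and other policy types, and it goes one step beyond the notes by including an explicit deny.

```python
import re

# Constructed, simplified policy documents in IAM JSON policy shape.
# They are NOT copies of the AWS managed policies named in the notes.
EC2_READ_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}]}
EC2_FULL = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]}
DENY_VPC_DELETE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": ["ec2:DeleteVpc"], "Resource": "*"}]}

# Constructed ARN (placeholder account and VPC id) in the Mumbai region.
VPC_ARN = "arn:aws:ec2:ap-south-1:111122223333:vpc/vpc-EXAMPLE"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _wild(pattern, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def evaluate(policies, action, resource):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            # Action names are matched case-insensitively, resources exactly.
            if not any(_wild(a, action, True) for a in _as_list(stmt["Action"])):
                continue
            if not any(_wild(r, resource) for r in _as_list(stmt["Resource"])):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"  # an explicit deny beats any allow
            allowed = True
    # Nothing matched: requests are denied by default.
    return "Allow" if allowed else "ImplicitDeny"

def walkthrough():
    """Replay the notes: no policy, then read only, then full access."""
    steps = {"no policy": [], "read only": [EC2_READ_ONLY], "full access": [EC2_FULL]}
    calls = ["ec2:DescribeVpcs", "ec2:CreateVpc", "ec2:DeleteVpc"]
    return {name: {c: evaluate(p, c, VPC_ARN) for c in calls}
            for name, p in steps.items()}

if __name__ == "__main__":
    for name, results in walkthrough().items():
        print(name, results)
```
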
