IAM

AWS

Adding users

• AWS User Access Categories:
  • Console Access:
    • Browser based access
  • Programatic Access:
    • Access for cli/sdk’s
• AWS User Categories
  • Root User: User who created the account and will have full access on aws.
  • User: Users created and generally will have restricted access.
• Console Based Access To the new user
  

Create a user and login as that user

• In AWS to login as non root user we need account id/alias, username and password
  
• Account id
  
  
• Signin url https://<Account-id or alias>.signin.aws.amazon.com/console
• Creating a user without any permissions
  
  
  
  
  
• Now lets signin
  
  

Lets add Programatic access to the same user to use from AWS CLI

• As a root user navigate to IAM and select users
  
  
  
• Now lets configure aws cli to use these credentials

aws configure

• Lets execute a simple cli command to get all vpcs in mumbai region

aws ec2 describe-vpcs

• Secret Access cannot be viewed once created, it can be regenerated

IAM Policy: Permissions to AWS IAM Users

• IAM Policy gives authorization to Users
• AWS provides managed policies (predefined policies) which generally operate at service levels
  • Administrator
  • EC2 Full Access
  • EC2 Read only
  • S3 Full Access
  • S3 Read only
  • …
• Now lets assing ec2 read only access and get the vpc for user 1
  
  
  
  
  
• Now lets creating/deleting a vpc
  
  
• Lets give ec2 full access and try creating/deleting a vpc (Watch classroom recording)