Lab 6: To Manage IAM Users, Groups and Policies


Objective: To configure and use the AWS IAM service


Topology:



AWS IAM identities

Prerequisites:

User should have an AWS root account

To configure IAM with the following tasks:

Create IAM users, assign passwords, and change the password policy.
Create IAM groups.
Add users to a group.
Add policies to groups and users.
Create your own policies.
Users log in at the sign-in page.
Delete users and groups.

1) To create a user, assign a password, and change the password policy
Open the AWS console and select Security, Identity & Compliance
Click on the IAM service



The IAM Dashboard panel is displayed.



2) To manage groups and apply policies
From the IAM dashboard, select Groups
Click on the Create New Group button



Give Group Name -------> EC2admingroup
Click on the Next Step button



In the filter, type -----> EC2f
Select the check box for AmazonEC2FullAccess
Click on the Next Step button



click on Create Group



Verify
Group EC2admingroup got created with the AmazonEC2FullAccess policy



Now create another group
Click on the Create Group button



Create a group with the AmazonS3FullAccess policy



In the filter, type ------> S3f
Select the check box for AmazonS3FullAccess
Click on the Next Step button



Click on Create Group button



Verify that the EC2admingroup and S3admingroup groups got created



Verify that the S3 policy is attached.



Create user Tom and join EC2admingroup
Create user john and join S3admingroup
Create user sai and attach the AmazonEC2FullAccess and AmazonS3FullAccess policies
From the IAM dashboard
Select Users
Click on the Add user button



Scenario 1:
Create user Tom and join EC2admingroup
For User name -------> Tom
For Access type -----> AWS Management Console access
Scroll down



For console password------->**************
Click on Next permissions button



Under Group column
select EC2admingroup
click on Next Review



Verify user details
Click on the Create user button



Download the .csv file



click on Close button



Scenario 2:
Create user john and join S3admingroup
Select Users
Click on the Add user button



For User name --------------> john
For Access type -----> AWS Management Console access
For Console password -------> **************
Scroll down



Click on Next permissions button



Select S3admingroup
Click on the Next Review button



Verify user details
Click on the Create user button



Download the .csv file
click on Close button



Scenario 3:
Add an individual user sai without joining any group
Attach the AmazonEC2FullAccess and AmazonS3FullAccess policies
Select Users
Click on the Add user button



For User name --------------> Sai
For Access type -----> AWS Management Console access
For Console password -------> **************
Scroll down



Click on Next Permission button



Click on the Attach existing policies directly box



In the filter, search for ec2f
Select the AmazonEC2FullAccess check box



In the filter, search for s3f
Select the AmazonS3FullAccess check box
Click on the Next Review button



Verify user details
Click on the Create user button



Download the .csv file
click on Close button



To verify whether users can access a particular service
Log in as user Tom
Enter the following URL in the browser

https://123456789.signin.aws.amazon.com/console
Click on the Sign in button



User Tom does not have S3 access
Click on S3 to verify the access


Verification
Error: Access Denied



Now select EC2 service



verification 
User tom can access EC2 service


Similarly check for user John
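
The results above follow from how IAM evaluates identity-based policies: a request is denied unless an attached policy allows it, and an explicit Deny overrides any Allow. The sketch below is an added example, not part of the original lab. It models the three scenarios with simplified stand-ins for the two managed policies (the real policy documents contain more statements) and ignores Resource and Condition matching.

```python
from fnmatch import fnmatchcase

# Simplified stand-ins for the AWS managed policies used in this lab
# (assumption: the real policy documents contain more statements).
POLICIES = {
    "AmazonEC2FullAccess": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}],
    "AmazonS3FullAccess": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}

# Group and user attachments as set up in the three lab scenarios.
GROUP_POLICIES = {
    "EC2admingroup": ["AmazonEC2FullAccess"],
    "S3admingroup": ["AmazonS3FullAccess"],
}
USERS = {
    "Tom": {"groups": ["EC2admingroup"], "attached": []},
    "john": {"groups": ["S3admingroup"], "attached": []},
    "Sai": {"groups": [], "attached": ["AmazonEC2FullAccess", "AmazonS3FullAccess"]},
}


def statements_for(user):
    """Collect every statement that applies to a user: direct plus group policies."""
    entry = USERS[user]
    names = list(entry["attached"])
    for group in entry["groups"]:
        names.extend(GROUP_POLICIES[group])
    return [stmt for name in names for stmt in POLICIES[name]]


def evaluate(user, action):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one action."""
    decision = "ImplicitDeny"  # nothing matched yet: denied by default
    for stmt in statements_for(user):
        actions = stmt["Action"]
        if isinstance(actions, str):
            actions = [actions]
        # IAM action names are case-insensitive; '*' is a wildcard.
        if not any(fnmatchcase(action.lower(), a.lower()) for a in actions):
            continue
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny"  # an explicit deny always wins
        decision = "Allow"
    return decision


if __name__ == "__main__":
    for user in USERS:
        for action in ("ec2:DescribeInstances", "s3:ListAllMyBuckets"):
            print(f"{user:5} {action:25} {evaluate(user, action)}")
```

Tom's S3 request ends as ImplicitDeny because no statement attached to EC2admingroup matches an s3: action, which is what the console reports as Access Denied.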

To delete users and groups
From the IAM Dashboard, select Users
Select the users and open the Action drop-down
Click on the Delete users button



Click on the Yes, Delete button



Verification
User sai is deleted



To delete groups
From the IAM Dashboard
Select Groups
Open the Group Actions drop-down
Select the Delete button


Click the Yes, Delete button



Verification 
Group is Deleted



To set up multi-factor authentication
Install Google Authenticator on your Android mobile
On the IAM Dashboard panel
Click on Users
Click on user tom


Click on Security credentials


Click on the pen icon for "Assigned MFA device"


Select -----------> "A virtual MFA device"
Click on the Next Step button


Click on Next Step Button


A bar code will be created
Scan the bar code with the Google Authenticator application on your mobile.
Type the 6-digit code shown in the application in Authentication code 1
Once the code changes,
type the new 6-digit code in Authentication code 2


Click on Finish


Now log in as user tom



Once the user types the 6-digit MFA code
Click on Submit


Verify that the user has successfully logged in.

