Refer to the IAM features diagram
IAM features (refer to the IAM Features snippet):
Provides centralized control of your AWS account
Shared access to the AWS account
Granular permissions
Temporary access
Includes identity federation - e.g. Facebook, Google etc.
Multifactor authentication
Password rotation policy
Integrates with other AWS services
PCI DSS compliance
Critical Terms
a) Users - People using the AWS environment
b) Groups - Group of people under one set of permissions/policy
c) Roles - Create roles and assign them to AWS resources, e.g. assign a role to an EC2 server instance to enable it to write to S3
d) Policies - Set of permissions. A policy can be applied to a user, group or role
Lab - 1
1) Steps to get to IAM
a) Select the closest region on the top right
b) Go to Services on the top left
c) IAM is under Security, Identity & Compliance
2) IAM is global - users/roles you create here are available globally; that is, the region is global.
3) IAM users sign-in link
https://priya-aws-2017.signin.aws.amazon.com/console
The link originally has a number in place of priya-aws-2017. That number is called the AWS account number, which can be accessed through Account. Click on Customize to put in your alias name, e.g. priya-aws-2017
4) Refer to the LAB-summary pic
Summary-
a) MFA - multifactor authentication - did it through opting for a virtual device. The other option was a hardware device. Download the authenticator on the other device - phone etc. I downloaded the Android Google Authenticator app. Opted for barcode scan instead of entering the code. Scanned the barcode on MFA in AWS through my device and got a code. Entered it, waited for it to change to enter the next code and clicked on Next. My AWS account was set up for MFA.
b) Created 2 users - assigned them to a created group called system-admins. Assigned them the AWS administrator access as opposed to system administrator. You can look at the JSON format of each policy document before assigning it to them.
c) Applied IAM password policy - A password policy is a set of rules that define the type of password an IAM user can set.
e.g. Require at least one uppercase letter
d) Changed a user to a different group
e) Created a role and assigned it the AmazonS3FullAccess policy - EC2 with access to S3
f) Generating credentials for the users created. The uname/pwd & access key ID/secret access key are given only once and are available for download right then. uname/pwd is used to log in to the console; the access key ID/secret access key is used for programmatic access.
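Added example (not part of the original notes or of AWS's own code) for items b) and e): the two JSON documents behind an EC2 role that writes to S3, plus a small check to run over a policy document before assigning it. It goes beyond the lab by scoping the permissions to one bucket; the bucket name, the function names and the full-access sample are assumptions made up for illustration.

```python
import json

BUCKET = "example-app-uploads"  # hypothetical bucket name (assumption)

def ec2_trust_policy():
    """Trust policy: lets the EC2 service assume the role for an instance."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole"}]}

def s3_write_policy(bucket):
    """Permissions policy: write objects into one bucket and nothing else."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:PutObject"],
        "Resource": [f"arn:aws:s3:::{bucket}/*"]}]}

# Constructed sample shaped like a full-access grant: every S3 action on
# every resource. Not copied from any AWS managed policy.
FULL_ACCESS_SAMPLE = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

def _as_list(value):
    # IAM JSON allows a single string or a list for Action/Resource/Statement.
    return value if isinstance(value, list) else [value]

def broad_statements(policy):
    """Return (statement index, reason) for Allow statements with wildcards."""
    findings = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append((i, "wildcard action"))
        if "*" in resources:
            findings.append((i, "wildcard resource"))
    return findings

if __name__ == "__main__":
    for name, doc in [("trust", ec2_trust_policy()),
                      ("scoped write", s3_write_policy(BUCKET)),
                      ("full-access sample", FULL_ACCESS_SAMPLE)]:
        print(name, json.dumps(doc, indent=2))
        print("  findings:", broad_statements(doc) or "none")
```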
Lab-2 - Create Billing Alarm - when billing goes above $10, sound an alarm
AWS - MyName on top right - Billing
or Services - Management Tools - CloudWatch & create billing alarm