
Refer to the IAM features diagram

 

IAM features - refer to the IAM Features snippet

provides centralized control of your AWS account

shared access to aws account

granular permissions

temporary access

includes identity federation - e.g. Facebook, Google etc.

multifactor authentication

password rotation policy

integrates with other aws services

PCI DSS compliance

 

Critical Terms

a) Users - People using the AWS environment

b) Groups - Group of people under one set of permissions/policy

c) Roles - create roles and assign them to AWS resources, e.g. assign a role to an EC2 server instance to enable it to write to S3

d) Policies - Set of permissions. A policy can be applied to a user, group or role

 

Lab - 1 

1) Steps to get to IAM

a) Select the closest region on top right

b) Go to Services on top left

c) IAM is under Security, Identity & Compliance

 

2) IAM is global - Users/roles you create here are available globally. That is, the region is global.

3) IAM users sign-in link

https://priya-aws-2017.signin.aws.amazon.com/console

The link originally has a number in place of priya-aws-2017. That number is called the AWS account number, which can be accessed through account. Click on customize to put in your alias name, e.g. priya-aws-2017

4) Refer to the LAB-summary pic

Summary-

a) MFA - multifactor authentication - did it through opting for a virtual device. The other option was a hardware device. Download the authenticator on the other device - phone etc. I downloaded the Android Google Authenticator app. Opted for barcode scan instead of entering the code. Scanned the barcode on MFA in AWS through my device and got a code. Entered it, waited for it to change to enter the next code and clicked on next. My AWS account was set up for MFA.

b) Created 2 users - assigned them to a created group called system-admins. Assigned them the AWS administrator access as opposed to system administrator. You can look at the JSON format of each policy document before assigning it to them.

c) Applied IAM password policy - A password policy is a set of rules that define the type of password an IAM user can set.

e.g. - Require at least one uppercase letter

d) Changed a user to a different group

e) Created a role and assigned it the AmazonS3FullAccess policy - EC2 with access to S3

f) Generating credentials for the users created. The uname/pwd & access key ID/secret access key is given only once and is available for download right then. uname/pwd is used to log in to the console; the access key ID/secret access key is used for programmatic access.
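
Added example (not part of the original notes and not AWS code): items b) and e) attach broad managed policies, and b) notes that the JSON can be read before assigning. This sketch reads a policy document and reports how broad each Allow statement is. The three documents are constructed, simplified samples; the third policy and the bucket name EXAMPLE-BUCKET are hypothetical.

```python
import json

# Constructed samples shaped like the managed policies named in the notes.
ADMIN_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "*", "Resource": "*"}]}"""
S3_FULL_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"}]}"""
# Hypothetical narrower policy; EXAMPLE-BUCKET is a placeholder name.
S3_WRITE_ONLY = """{"Version": "2012-10-17", "Statement":
  {"Effect": "Allow", "Action": "s3:PutObject",
   "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/*"}}"""


def as_list(value):
    """IAM JSON accepts a single string/object where a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def review_policy(document):
    """Return (breadth, actions, resources) for each Allow statement."""
    findings = []
    for stmt in as_list(json.loads(document).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never grant access
        actions = as_list(stmt.get("Action"))
        resources = as_list(stmt.get("Resource"))
        any_resource = "*" in resources
        if "NotAction" in stmt:
            breadth = "needs-review"  # allows everything except the listed actions
        elif any_resource and "*" in actions:
            breadth = "full-admin"
        elif any_resource and any(a.endswith(":*") for a in actions):
            breadth = "service-wide"
        else:
            breadth = "narrower"
        findings.append((breadth, actions, resources))
    return findings


if __name__ == "__main__":
    for name, doc in [("admin", ADMIN_POLICY), ("s3-full", S3_FULL_POLICY),
                      ("s3-write", S3_WRITE_ONLY)]:
        for breadth, actions, resources in review_policy(doc):
            print(f"{name}: {breadth} actions={actions} resources={resources}")
```

The "narrower" result for the third document shows what the EC2-writes-to-S3 role from the Critical Terms section needs, compared with the service-wide grant of a full-access policy.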

 

 

Lab - 2 - Create Billing Alarm - When billing goes above $10, sound an alarm

AWS - MyName on top right - Billing

or Services - Management Tools - CloudWatch & create billing alarm