Working with IAM Users, User Group, Roles and Policies.

Lab Details

  1. Services covered
  2. Lab description
  3. Lab date
  4. Prerequisites
  5. Lab steps
  6. Lab files
  7. Acknowledgements

Services Covered

  • EC2 EC2

Lab description

This lab walks through a process of creating new IAM user, user groups, roles and policies. A EC2 Instance would be created with attached Role to it. An IAM user will get limited permissions for testing purposes.

Learning Objectives

  • Create IAM groups
  • Create IAM users
  • Work with IAM policies
  • Work with IAM roles and instance profiles

Lab date



  • AWS account

Lab steps

  1. Navigate to IAM service and Create group. Attach the AmazonEC2ReadOnlyAccess policy to that group.
  2. Create a new user and then add it to the previously created IAM group.
  3. Go to the Policies and create a policy. Select S3 for the Service and ListAllMyBuckets for the Action:
  4. Attach AmazonS3ReadOnlyAccess policy to the user created in step 2.
  5. Create a new Role for EC2 service. Attach AmazonS3FullAccess policy to it.
  6. Go to EC2 dashboards and launch Instance. Attach the role from previous step to it.
  7. Connect with the instance using EC2 Instance Connect.
  8. Use the following command to verify your EC2 instance has the correct instance profile:

    The command should return a JSON object with an InstanceProfileArn value ending in lab-role.

  9. Run the following commands to test that you can create and S3 buckets:
    aws s3 mb s3://<<bucket-name>>

Lab files