Working with IAM Users, User Groups, Roles and Policies
This lab walks through creating a new IAM user, user group, role and policies. An EC2 instance is launched with a role attached to it, and an IAM user receives limited permissions for testing purposes.
- Create IAM groups
- Create IAM users
- Work with IAM policies
- Work with IAM roles and instance profiles
- An AWS account (prerequisite)
- Navigate to the IAM service and create a group. Attach the AmazonEC2ReadOnlyAccess managed policy to that group.
- Create a new user and add it to the group created in the previous step.
- Go to Policies and create a policy. Select S3 as the service and ListAllMyBuckets as the action:
- Attach the AmazonS3ReadOnlyAccess policy to the user created in step 2.
- Create a new role for the EC2 service and attach the AmazonS3FullAccess policy to it.
- Go to the EC2 dashboard and launch an instance. Attach the role from the previous step to it.
- Connect to the instance using EC2 Instance Connect.
- Use the following command to verify that your EC2 instance has the correct instance profile:
The command should return a JSON object with an InstanceProfileArn value ending in lab-role.
- Run the following command to test that you can create an S3 bucket (bucket names are globally unique and must be lowercase):
aws s3 mb s3://<<bucket-name>>
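The same lab, scripted with the AWS CLI instead of the console. This is an added example and not part of the lab's own material. It assumes the names lab-group, lab-user, lab-list-buckets (the custom ListAllMyBuckets policy) and lab-role, and it attaches the custom policy to the user, which the lab creates but does not say where to attach. It also includes the instance-profile check: the JSON document whose InstanceProfileArn the verification step inspects is the instance metadata service's iam/info document, and check_instance_profile parses it and confirms the name ends in the expected role.

```shell
#!/bin/sh
# Added example (not part of the lab): scripts the IAM steps with the AWS CLI
# and verifies the instance profile from inside the instance.
# Assumed names: lab-group, lab-user, lab-list-buckets, lab-role.
set -eu

GROUP_NAME="${GROUP_NAME:-lab-group}"
USER_NAME="${USER_NAME:-lab-user}"
POLICY_NAME="${POLICY_NAME:-lab-list-buckets}"
ROLE_NAME="${ROLE_NAME:-lab-role}"

# Customer-managed policy allowing only s3:ListAllMyBuckets (the action picked in the editor).
list_buckets_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    { "Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*" }
  ]
}
EOF
}

# Trust policy letting the EC2 service assume the role (a "role for EC2" in the console).
ec2_trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    { "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" }, "Action": "sts:AssumeRole" }
  ]
}
EOF
}

# Extract InstanceProfileArn from the iam/info JSON read on stdin; prints the ARN or nothing.
instance_profile_arn() {
  sed -n 's/.*"InstanceProfileArn"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Exit 0 only if the ARN read from stdin ends in /<expected instance profile name>.
check_instance_profile() {
  expected="$1"
  arn="$(instance_profile_arn)"
  case "$arn" in
    */"$expected") return 0 ;;
    *) return 1 ;;
  esac
}

# Group, user, policies, role and instance profile, in the lab's order.
provision_lab() {
  account="$(aws sts get-caller-identity --query Account --output text)"

  aws iam create-group --group-name "$GROUP_NAME"
  aws iam attach-group-policy --group-name "$GROUP_NAME" \
    --policy-arn arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess

  aws iam create-user --user-name "$USER_NAME"
  aws iam add-user-to-group --group-name "$GROUP_NAME" --user-name "$USER_NAME"

  aws iam create-policy --policy-name "$POLICY_NAME" --policy-document "$(list_buckets_policy)"
  aws iam attach-user-policy --user-name "$USER_NAME" \
    --policy-arn "arn:aws:iam::${account}:policy/${POLICY_NAME}"
  aws iam attach-user-policy --user-name "$USER_NAME" \
    --policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess

  aws iam create-role --role-name "$ROLE_NAME" --assume-role-policy-document "$(ec2_trust_policy)"
  aws iam attach-role-policy --role-name "$ROLE_NAME" \
    --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess
  # The console creates an instance profile with the role's name for you; the CLI does not.
  aws iam create-instance-profile --instance-profile-name "$ROLE_NAME"
  aws iam add-role-to-instance-profile --instance-profile-name "$ROLE_NAME" --role-name "$ROLE_NAME"
}

# Run on the instance: fetch iam/info over IMDSv2 (session token required) and check it.
verify_on_instance() {
  token="$(curl -sS -X PUT http://169.254.169.254/latest/api/token \
    -H 'X-aws-ec2-metadata-token-ttl-seconds: 60')"
  curl -sS -H "X-aws-ec2-metadata-token: $token" \
    http://169.254.169.254/latest/meta-data/iam/info | check_instance_profile "$ROLE_NAME"
}

case "${1:-}" in
  --apply)  provision_lab ;;
  --verify) verify_on_instance && echo "instance profile OK" ;;
esac
```

Run `sh lab.sh --apply` with administrative credentials to create the resources, then `sh lab.sh --verify` from the instance (for example in an EC2 Instance Connect session) before trying `aws s3 mb`. Two points worth keeping in mind: the CLI path must create the instance profile explicitly, and AmazonS3FullAccess on the role is far broader than the bucket-creation test requires, so every process on that instance, not just your shell, can read and write all buckets in the account.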