2) IAM Users & Groups Hands On- AWS Certified Solutions Architect Associate Course SAA-C02

2) IAM Users & Groups Hands On- AWS Certified Solutions Architect Associate Course SAA-C02 post thumbnail image

2) IAM Users & Groups Hands OnAWS Certified Solutions Architect Associate Course SAA-C02-Section 1: IAM & AWS CLI-  Okay, so let’s explore the IAM console. So for this I’m going to type “IAM”

 

  • And this will take me straight to a console of an AWS service called IAM.

  • So the first thing we notice, is that on the top right corner, it shows “Global”,
  • which means IAM doesn’t require region selection.
  • what this means is that IAM is a global service,
  • whereas many other AWS services will be regional services.
  • and there will be a region selection.
  • But for IAM, users and groups are created in a global fashion.
  • Okay. So we are in the IAM dashboard.
  • And the first thing we want to do is to create an IAM user.
  • So I’m going to go under “Users” and click on “Add users”

 

  • So why do we want to create a user?
  • Well, as we can see, if you click on account name name right here,

  • we are using the root user.
  • The root user has all the permissions
  • you want in your account okay?
  • It can do anything you want.
  • But therefor it’s a very dangerous account to use.
  • The better way is to create a administrator account
  • that we’re going to crate right now.
  • And this admin account will be able to do everything
  • the root account does or almost,
  • and we will let the root go.
  • and we use the root account
  • only if we really, really ever need to.
  • This is from a security perspective, the best setup.
  • So as we can see, we’re going to create a username
  • and that one is going to be “saicharan”
  • and then we need to select the credential type.
  • so we’ll enable the password type of credential
  • and we can autogenerate it or create a custom password.
  • And because this is my own account,
  • I can just set a custom password and be done with it.
  • So we dont require a password reset,
  • and then we click on “Next: Permissions”.

  • Now, we need to add the user into a group.
  • So we’re going to create a group by Clicking on “Create group”
  • and this group is going to be called “admin”
  • Now, any user placed within the group “admin”
  • will inherit the permission associated with that group.
  • And so permissions are defined through policies.
  • And the one policy we’re going to attach to the “admin” group is called “AdministratorAccess”
  • So this policy will allow any account under this group.
  • to be an administrator of your account.
  • So let’s go ahead and create this group.

  • And next click on “Next: Tags”

  • So in AWS, you will find tags pretty much everywhere.
  • And they’re just information that can help you track, organize or control access for users.
  • And so we’re not going to create tags everywhere.
  • for our course, okay?
  • But what I can show you is how to create a tag for our user.
  • And this is just information you want to add
  • regarding that specific user, okay?
  • So for example, I can say that the “Department” of my user
  • is “Engineering”
  • And you can have any tags you want on many resources in AWS.
  • Im just showing you how to do it once.

  • Now let’s click on “Review”
  • So we’ve create a username “saicharan”
  • with password access to the Management Console.
  • And then the group it belongs to, is the “admin” group.
  • And the tags is “Department: Engineering”.
  • So lets go ahead and create this user.

  • And now the user is created.
  • So before we go there, you need to download the .csv
  • especially if you autogenerated a password.
  • So this “Download .csv”
  • will have the credentials of your users contained within it.

  • and you can also email login instructions.
  • to a specific email if you’re creating a user.
  • for someone else.

  • But this is our own user, so are we good to go.
  • So we’ll close this

 

  • now let’s explore what we have created.
  • So under user groups, I will find the group admin, click on it.

  • I can see that there’s one user in this group,
  • which is “saicharan” user

  • And if i look at the group permissions, as we can see,
  • there is a policy name attached to the group which is “AdministratorAccess”
  • which provides full admin access to any users within the group

  • And so if we go to users and click on the user “saicharan”
  • So this is a user.
  • You can also get back from this menu on the left-hand side

  • and just click on “Users > saicharan”
  • okay
  • So if you click on the user “saicharan” back to it
  • ok, great.
  • We have these permissions and the permissions associated with my user is “AdministratorAccess”
  • And this is a managed policy that we inherited from the group admin.
  • okay?

  • So we have our users and we have our groups.
  • And now we’re going to see how to log in with that use, “saicharan”
  • So to do so let’s go back into the dashboard.

  • and on the right-hand side of the dashboard,
  • we have some summary about our AWS account.

  • So the account ID is right here,
  • which can also get to by opening this panel.

  • So this is the same account ID here, and here
  • And the account alias is what you can set
  • to log in to your account faster,
  • because remembering numbers sometimes is difficult.
  • So you can create an account alias,
  • and you just have to specify an alias that you like.
  • For example, “saicharanpaloju-aws-v2”.
  • and click on ” Save changes”

  • Now, this is a unique alias for my account.
  • You’re not going to be able to use this account,
  • this alias for your account, but you can create your own.
  • And now we have a sign-in URL on the right-hand side
  • that is customized for my alias.
  • So if i click on “Copy this URL”

  • I Need to Open it in a new tab,
  • But it must be an incognito tab or a different web browser.
  • So here I’ve opened a private window in Firefox.
  • which is going to be a different session.

  • And so therefore I Can copy the sign-in URL
  • and paste it here and press enter.
  • Now we are taken again to the login page of AWS.
  • And as we can see, we have three fields.
  • We have the “Account ID”, the “IAM user name”
  • and the password.
  • So what’s happening here, is that we, using this URL,
  • are taken to a sign-in page as an IAM user.
  • And how do we know this?
  • How can we get back to this page if we wanted to?
  • Well, when we went into the Sign in”, we had two options,
  • either “Root user”, which will log you in as a root user,
  • or ” IAM user”, in which case you just need to enter the account ID or the account alias
  • and then click on “Next”,
  • which will take you into the page that we had from before,
  • which was this page right here.
  • So now in this page, what I need to do
  • is to enter my IAM username and the password.
  • that i just created
  • And then click on ” Sign in”.

  • And we are now logged in as IAM user in the console.

  • So how do we know this?
  • Well, if you’re logged in as your user,
  • as you can see when you click on the account,
  • it says “My account” and the account number.

  • This is a root user.
  • But if you go on the right-hand side,
  • we can see that there’s “saicharan @” and the then account alias.

  • And so what we can see is that “saicharan”
  • is the IAM user “saicharan” and then “My Account”
  • and the account number.
  • So we know on the right-hand side,
  • that we’re logged in as an IAM user.
  • Now this IAM user can do pretty much anything.
  • that the other user was able to do, the root user.
  • because they’re both admins, okay?
  • But rom a course perspective, it’s better
  • if you use an IAM user, than using the root account.

  • Now you will see in some topics, i have the root user,
  • and some topics, i have the IAM user.
  • It doesn’t really matter from the course perspective, okay?
  • So i will use them as I Please.
  • But if i need to use the root user specifically,
  • i will let you know.
  • Or if I Need to use an IAM use specifically,
  • I will let you know as well, okay?
  • But just so you know, to keep on doing to this section,
  • please have the root account,
  • as well as your IAM user ready and available.
  • So that’s it for this lecture. I hope you like it.
  • And I will see you in the next lecture.

 

 

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Leave a Reply

Your email address will not be published.

Related Post