Wednesday, August 8, 2018

AWS IAM – Users – Group – Policies – Management – Part 5

AWS IAM (Identity and Access Management) allows you to create new users and groups and to delegate roles to users and groups using policy documents. AWS policy documents are written in JSON (JavaScript Object Notation) and are easy to understand. The policies are readily available, so we are not expected to write the JSON ourselves. This article walks you through creating new user accounts and groups and attaching policies to groups. It also demonstrates how to attach policies to individual users and groups. In the IAM setup, the following actions need to be completed to enable all 5 security features on the AWS account.

  • Delegate your root access keys (It will be marked as green as part of account setup)
  • Activate MFA on your root account (Completed – refer to Part 4)
  • Create individual IAM users (Part 5)
  • Users group to assign permissions (Part 5)
  • Apply an IAM policy (Part 5)

Let’s begin the AWS LAB.
1. Log in to the AWS console and navigate to IAM from the Security & Identity tab (refer to Part 4).
Click on Manage users.

2. Click on the Add user tab.

3. Enter the user name. Click on the “Add another user” link to add multiple users at the same time.

4. Select the access type for the users. You have the option to auto-generate the account password and force a change at first login.

5. We shall create the group later. Just click on “Next” to review the accounts.

6. Review the accounts and click “Create Users” to create the accounts.

7. Download the CSV file, which contains the users' secret access keys and passwords. There is no way to fetch those keys and passwords once you close the wizard. You might need to regenerate them from the root account if you lose the credentials.

8. The users we have created are now shown in the users list.

We have successfully created users on AWS IAM.

9. Let's begin to manage the groups.

10. Click on the Create New Group tab.

11. Enter the group name.

12. We will attach the policies later if required.

13. Review and create the group.

14. The newly created group now appears in the group listing.

We have successfully created a new group on AWS IAM.

Adding users to GROUP:

Let's add the newly created users to the group UASUPPORT.
1. Select the group and click on group action. Select “Add users to group”.

2. Select the users who need to be part of the “UASUPPORT” group and click on “Add users”.

3. All three users are now added to the group.


Attach policies to group:

Attaching policies to a group, instead of directly to individual users, is best practice. That's the reason we skipped attaching a policy while creating the users. Let's see how we can attach the administrator policy to the group UASUPPORT.
1. Click on Policies. Search for the “AdministratorAccess” policy and select it. From the “Policy Actions” menu, click on Attach.

2. Select the group and click on “Attach policy”.

3. The policy “AdministratorAccess” is now attached to the group “UASUPPORT”. All the users in that group will now be equivalent to root users.

Let's have a closer look at the policy document.
1. Click on the policy name (AdministratorAccess) to view its JSON.

2. Click on Attached Entities to see where this policy is used.
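
The group-over-user practice and the reach of AdministratorAccess described above can be checked from an account export. The following is an added example, not part of the original article: it walks a snapshot shaped like the IAM `GetAccountAuthorizationDetails` response and reports users with policies attached directly and users who receive AdministratorAccess, with the path that grants it. The user names and the sample data are constructed for illustration; only the group UASUPPORT and the policy name come from the walkthrough.

```python
ADMIN_POLICY = "AdministratorAccess"  # AWS managed policy attached in the walkthrough

# Constructed sample, shaped like the IAM GetAccountAuthorizationDetails response.
# User names are made up; UASUPPORT is the group created in the article.
SNAPSHOT = {
    "UserDetailList": [
        {"UserName": "support-user1", "GroupList": ["UASUPPORT"],
         "AttachedManagedPolicies": [], "UserPolicyList": []},
        {"UserName": "support-user2", "GroupList": ["UASUPPORT"],
         "AttachedManagedPolicies": [{"PolicyName": "AmazonS3ReadOnlyAccess"}],
         "UserPolicyList": []},
        {"UserName": "auditor1", "GroupList": [],
         "AttachedManagedPolicies": [], "UserPolicyList": [{"PolicyName": "inline-ro"}]},
    ],
    "GroupDetailList": [
        {"GroupName": "UASUPPORT", "GroupPolicyList": [],
         "AttachedManagedPolicies": [{"PolicyName": ADMIN_POLICY}]},
    ],
}


def policy_names(entity, inline_key):
    """Return managed and inline policy names attached to a user or group record."""
    managed = [p["PolicyName"] for p in entity.get("AttachedManagedPolicies", [])]
    inline = [p["PolicyName"] for p in entity.get(inline_key, [])]
    return managed + inline


def audit(snapshot):
    """Return (users with directly attached policies, users holding the admin policy)."""
    group_policies = {g["GroupName"]: policy_names(g, "GroupPolicyList")
                      for g in snapshot.get("GroupDetailList", [])}
    direct, admins = {}, {}
    for user in snapshot.get("UserDetailList", []):
        name = user["UserName"]
        own = policy_names(user, "UserPolicyList")
        if own:
            direct[name] = own  # policy attached to the user, not via a group
        paths = ["direct"] if ADMIN_POLICY in own else []
        paths += [f"group:{g}" for g in user.get("GroupList", [])
                  if ADMIN_POLICY in group_policies.get(g, [])]
        if paths:
            admins[name] = paths
    return direct, admins


if __name__ == "__main__":
    print(audit(SNAPSHOT))
```

A real snapshot can be produced with `aws iam get-account-authorization-details` and passed to `audit` after loading the JSON. The check matches the managed policy by name only, so a custom policy that grants the same permissions under another name is not flagged.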


Apply IAM Password Policy:

Let's configure the password policy.

Click on Manage password policy, which will take you to the password policy screen. You can configure it according to your requirements. I have highlighted my changes in the password policy.

Go back to the IAM dashboard and look at the security status. You should see all the items marked green.

We have successfully set up AWS IAM. You can test the user login credentials using the direct URL which we customized earlier. In the upcoming article, we will dig into S3 (the AWS storage service).
