In this lab, you’ll practice creating and managing users with AWS IAM. When you’re finished with this lab, you’ll have the skills to create and apply best practices for access management to an organization's AWS operations and resources.
Aaron M. Rosenmund is a cyber security operations subject matter expert, with a background in federal and business defensive and offensive cyber operations and system automation. Leveraging his administration and automation experience, Aaron actively contributes to multiple open and closed source security operation platform projects and continues to create tools and content to benefit the community. As an educator & cyber security researcher at Pluralsight, he is focused on advancing cyber security workforce and technologies for business and national enterprises alike. In support of the Air National Guard, he contributes those skills part time in various initiatives to defend the nation in cyberspace. Certifications: GIAC GCIA, GIAC GCED, CCNA Cyber Operations, Pentest+, CySA+, CASP
Group membership allows you to apply permissions to more than one user at a time. You will create groups for AWS administration, dev ops, dev, security, and management (finance), and select appropriate default policies for each.
Create Users and Apply Groups
You will now create five users with the user creation wizard, and select the appropriate group for each. You will choose programmatic vs api access for the appropriate team members, and will enter the email and organizational tag information.
Create A Custom Policy Access To S3 Bucket Functionality
Create a policy to granularly restrict access to the creation of S3 buckets. This policy is meant for use with internal resources only, and will restrict the allowed access to read-only as well as to your AWS internal IP space.
Create a Custom Role for EC2 Instance Access to S3 Bucket
Create a new role with the previously created policy that temporarily grants access to dynamically and programmatically create S3 buckets. Then you will attach this role to a specific EC2 instance in the environment.
Provided environment for hands-on practice
We will provide the credentials and environment necessary for you to practice right within your browser.
Follow along with the author’s guided walkthrough and build something new in your provided environment!