Task 6:
1. Introduction to Amazon Relational Database Service (RDS) - SQL Server
2. AWS Identity and Access Management (IAM) Task
AWS Identity and Access Management (IAM) is a web service that enables Amazon Web Services
(AWS) customers to manage users and user permissions in AWS. With IAM, you can centrally manage
users, security credentials such as access keys, and permissions that control which AWS resources
users can access.
Task1: Creating Users:
Step 1: Sign in to the AWS Management Console
1. Go to the AWS Management Console at [Link]
2. Sign in with your AWS account credentials.
Step 2: Navigate to the IAM (Identity and Access Management) Service
1. In the AWS Management Console, search for IAM in the search bar or find it under the
Security, Identity, & Compliance category.
2. Click on IAM to open the IAM dashboard.
Step 3: Create a New User
1. In the IAM dashboard, click on Users in the left-hand menu.
2. Click on Create User.
Step 4: Configure the User Details
1. Enter the User name: User1
2. Under Select AWS access type, check AWS Management Console access.
o For Console password, choose Custom password (You create a password for the
User1 as User1@123).
3. Uncheck Require password reset, the option that forces the user to change their password upon first login.
Step 5: Set Permissions
1. Click Next: Permissions.
2. Choose the following options to set permissions for the user:
o Attach existing policies directly: Select policies that define the permissions for the
user.
Step 6: Review and Create the User
1. Click Next: Tags to add optional tags for the user.
2. Click Next: Review to review the user's details and permissions.
3. Click Create user to finalize the process.
Click Download .csv file.
Repeat the above steps to create User2 and User3.
Task 2: Create UserGroups
(a) Create “EC2-Admin” UserGroup
Step 1: Navigate to the IAM (Identity and Access Management) Service
1. In the AWS Management Console, search for IAM in the search bar or find it under the
Security, Identity, & Compliance category.
2. Click on IAM to open the IAM dashboard.
Step 2: Create a New User Group
1. In the IAM dashboard, click on User groups in the left-hand menu.
2. Click on Create group.
Step 3: Configure the Group Details
1. Enter EC2-Admin as the Group name.
2. Click Create group to create the group without attaching any policies at this step.
Step 4: Attach an Inline Policy to the Group
1. In the User groups list, click on the EC2-Admin group name.
2. Click on the Permissions tab.
3. Click Add permissions and then select Create inline policy.
Step 5: Define the Inline Policy
1. In the Create policy editor, switch to the JSON tab.
2. Paste the following policy JSON to allow view, start, and stop access to EC2 instances:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:DescribeImages",
        "ec2:DescribeVolumes",
        "ec2:DescribeTags",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeKeyPairs",
        "ec2:DescribeSnapshots"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:StartInstances",
        "ec2:StopInstances"
      ],
      "Resource": "arn:aws:ec2:*:*:instance/*"
    }
  ]
}
Step 7: Name and Attach the Policy
1. Enter a name for the policy, such as EC2-ViewStartStopAccess.
2. Click Create policy to attach it to the group.
Step 8: Add Users to the Group
1. In the EC2-Admin group page, click on the Users tab.
2. Click Add users.
3. Select User3 to add to this group.
4. Click Add users to finalize the process.
(b) Create “EC2-Support” UserGroup
Step 1: Navigate to the IAM Service
1. In the AWS Management Console, search for IAM in the search bar or find it under the
Security, Identity, & Compliance category.
2. Click on IAM to open the IAM dashboard.
Step 2: Create a New User Group
1. In the IAM dashboard, click on Groups in the left-hand menu.
2. Click on Create New Group.
Step 3: Configure the Group Details
1. Enter EC2-Support as the Group Name.
2. Click Next Step to proceed.
Step 4: Attach a Policy to the Group
1. On the Attach Policy page, use the search bar to find the AmazonEC2ReadOnlyAccess
policy.
2. Select the checkbox next to AmazonEC2ReadOnlyAccess.
3. Click Next Step to continue.
Step 5: Review and Create the Group
1. Review the group's name and attached policies.
2. Click Create Group to finalize the process.
Step 6: Add Users to the Group (Optional)
1. To add users, go to the Groups section, select EC2-Support, click on the Group Actions
dropdown, and choose Add Users to Group.
2. Select User2 and click Add Users.
(c) Create “S3-Support” UserGroup
Step 1: Navigate to the IAM (Identity and Access Management) Service
1. In the AWS Management Console, search for IAM in the search bar or find it under the
Security, Identity, & Compliance category.
2. Click on IAM to open the IAM dashboard.
Step 2: Create a New User Group
1. In the IAM dashboard, click on User groups in the left-hand menu.
2. Click on Create group.
Step 3: Configure the User Group Details
1. In the Group name field, enter S3-Support.
2. Click Next.
Step 4: Attach the S3 Read-only Access Policy
1. On the Attach policies page, search for AmazonS3ReadOnlyAccess.
2. Check the box next to the AmazonS3ReadOnlyAccess policy to grant the group read-only
access to Amazon S3.
3. Click Next.
Step 5: Review and Create the Group
1. Review the group name and attached policy on the Review page.
2. Click Create group to finalize the process.
Step 6: Add Users to the Group (Optional)
1. In the User groups page, click on the S3-Support group you just created.
2. Click on the Users tab.
3. Click Add users.
4. Select User1 to add to this group, then click Add users.
Task 3: Create EC2 Instance named “MyServer” with Linux OS Image
Task 4: Create S3 bucket and add some files to bucket
Task 5: Sign-In and Test Users
1. In the navigation pane on the left, choose Dashboard.
● A link labeled Sign-in URL for IAM users in this account is displayed on the right. It
will look similar to: [Link]
● This link can be used to sign-in to the AWS Account you are currently using.
● Copy the Sign-in URL for IAM users in this account to a text editor.
2. Open a private (Incognito) window.
● Choose the ellipsis at the top-right of the screen
● Select New Incognito Window
3. Paste the IAM users sign-in link into the address bar of your private browser session and
press Enter.
● Sign-in with:
o IAM user name: User1
o Password: User1@123
4. In the search box to the right of Services, search for and choose S3 to open the S3
console.
● Choose the name of the bucket that exists in the account and browse the contents.
● Since User1 is part of the S3-Support group in IAM, this user has permission to
view the list of Amazon S3 buckets and their contents.
Now, test whether they have access to Amazon EC2.
5. In the search box to the right of Services, search for and choose EC2 to open the EC2
console.
● In the left navigation pane, choose Instances.
● You cannot see any instances. Instead, you see a message that states You are not
authorized to perform this operation. This is because this user has not been granted
any permissions to access Amazon EC2.
6. At the top of the screen, choose User1
● Choose Sign Out
7. Now sign-in as User2, who has been hired as your Amazon EC2 support person.
● Paste the IAM users sign-in link into your private browser tab's address bar and
press Enter.
● Sign-in with:
o IAM user name: User2
o Password: User2@123
8. In the search box to the right of Services, search for and choose EC2 to open the EC2
console.
● In the navigation pane on the left, choose Instances.
● You are now able to see the Amazon EC2 instance “MyServer” because you have
read-only permissions.
● However, you will not be able to make any changes to Amazon EC2 resources.
9. Select the instance named “MyServer”
● In the Instance state menu above, select Stop instance.
● In the Stop Instance window, select Stop.
● You will receive an error stating You are not authorized to perform this operation. This
demonstrates that the policy only allows you to view information, without making
changes.
● Choose the X to close the Failed to stop the instance message.
10. Next, check if User2 can access Amazon S3.
● In the search box to the right of Services, search for and choose S3 to open the S3
console.
● You will see the message “You don't have permissions to list buckets” because
User2 does not have permission to access Amazon S3.
● At the top of the screen, choose User2
● Choose Sign Out
11. You will now sign-in as User3, who has been hired as your Amazon EC2 administrator.
● Sign-in with:
o IAM user name: User3
o Password: User3@123
12. In the search box to the right of Services, search for and choose EC2 to open the EC2
console.
● In the navigation pane on the left, choose Instances.
● As an EC2 Administrator, you should now have permissions to Stop the Amazon EC2
instance.
13. Select the instance named “MyServer”
● In the Instance state menu, choose Stop instance.
● In the Stop instance window, choose Stop.
● The instance will enter the stopping state and will shut down.