Real-Time Use Case: IAM (Identity and Access Management)


Dear Readers,

In this article, we will walk through the following real-time use case.

Real-Time Use Case:
My client Swiggy wants to administer their technical engineers as follows.
They have teams such as Developers, Database Admins, Linux Admins and Storage Admins. All the teams should be split into two levels, L1-TEAM and L2-TEAM.
During the CAB call we confirmed with the SDM manager that their requirement is to have a Team Leader who manages all the teams. Ensure that only the Team Leader can do this user management.

Steps to Follow:

👉 Log in to the AWS account.
👉 Create the user “teamleader”.
👉 Log in as the user “Teamleader”.
👉 Create the groups “L1-TEAM” & “L2-TEAM”.
👉 Create users and add them to their individual groups.
👉 Log in as the user “L1USER1”.
👉 Log in as the user “L2USER2”.

1. Log in to the AWS Account

First, open the AWS Console page using the link below.

https://aws.amazon.com/console/

Click on the Sign in to the Console button.

Provide the username and password, then click on Sign in.

Enter the AWS Management Console.

We can see the AWS Management Console dashboard.

2. Create the User “teamleader”

Go to the Security, Identity & Compliance module and click on the IAM service to open it.

We can see the IAM Management dashboard.

Go to Users and click on Add user.

Specify the new user name “teamleader”.

Give the access types “AWS Management Console access” (this provides a username and password) and “Programmatic access” (this provides an access key ID and secret access key) by ticking the checkboxes, then click on Next.

Select Attach existing policies directly, tick AdministratorAccess, and click on Next.

Click on Next.

Click on Create user.

The user has been created; click on Close.

We can see the created user “Teamleader”.

3. Log in as the User “Teamleader”

Go to the IAM dashboard and copy the IAM users sign-in link.

Paste the copied IAM users sign-in link into another browser.

Specify the username and password, then click on Sign in.

Change the password of the user.

Specify the required password and click on Confirm password change.

We can see the user “Teamleader@ram0302”.

Note:
We gave AdministratorAccess to Teamleader, so he can manage all services and resources except the Billing dashboard.

We can see the error: You Need Permissions in the Billing & Cost Management Dashboard.

Teamleader doesn't have billing access permission. (IAM user access to the Billing console is controlled by a separate account setting that only the root user can activate; an IAM policy alone does not grant it.)

4. Create the Groups “L1-TEAM” & “L2-TEAM”

Go to Groups and click on Create New Group.

Specify the group name “L1-TEAM” and click on Next.

Select the required policy “AmazonS3ReadOnlyAccess” for the group by searching “s3” in the search bar.

Select the required policy “AmazonEC2ReadOnlyAccess” for the group by searching “EC2READ” in the search bar and click on Next.

Click on Create Group.

We can see that the group “L1-TEAM” has been created successfully.

Click on Create New Group.

Specify the group name “L2-TEAM” and click on Next.

Select the required policy “AmazonS3FullAccess” for the group by searching “s3” in the search bar.

Select the required policy “AmazonEC2FullAccess” for the group by searching “EC2F” in the search bar and click on Next.

Click on Create Group.

We can see that the group “L2-TEAM” has been created successfully.

5. Create Users and Add Them to Individual Groups

Go to Users and click on Add user.

Specify the new user names “L1USER1, L1USER2, L1USER3”.

Give the access type “AWS Management Console access” (to get a username and password) by ticking the checkbox, then click on Next.

Add the users to the group “L1-TEAM” and click on Next.

Click on Next.

Click on Create users.

The users have been created; click on Close.

We can see the 3 users added to the first group “L1-TEAM”.

Click on Add user.

Specify the new user names “L2USER1, L2USER2, L2USER3”.

Give the access type “AWS Management Console access” (to get a username and password) by ticking the checkbox, then click on Next.

Add the users to the group “L2-TEAM” and click on Next.

Click on Next.

Click on Create users.

The users have been created; click on Close.

We can see the 3 users added to the group “L2-TEAM”.
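Steps 2 to 5 above are one repeatable procedure, so they can be scripted instead of clicked through. The script below is an added example for this article, not code from KT Experts or from AWS; it uses the standard boto3 IAM client methods (create_user, create_login_profile, create_access_key, attach_user_policy, create_group, attach_group_policy, add_user_to_group) and the real ARNs of the managed policies named above. The RecordingIAM class is a constructed stand-in for the boto3 client, so the whole plan can be rehearsed and inspected with no AWS credentials before it is pointed at a real account.

```python
"""Provision the IAM layout from steps 2-5 (teamleader, L1-TEAM, L2-TEAM, users).

The functions take any object that exposes the boto3 IAM client methods used
here, so the plan can be rehearsed against the RecordingIAM fake below before
touching a real account (added example; assumes boto3 method names only).
"""
import secrets
import string

# ARNs of the AWS managed policies named in the article.
ADMIN = "arn:aws:iam::aws:policy/AdministratorAccess"
S3_RO = "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
EC2_RO = "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess"
S3_FULL = "arn:aws:iam::aws:policy/AmazonS3FullAccess"
EC2_FULL = "arn:aws:iam::aws:policy/AmazonEC2FullAccess"

# Group -> policies and group -> members, exactly as the article sets them up.
GROUP_POLICIES = {"L1-TEAM": [S3_RO, EC2_RO], "L2-TEAM": [S3_FULL, EC2_FULL]}
GROUP_MEMBERS = {
    "L1-TEAM": ["L1USER1", "L1USER2", "L1USER3"],
    "L2-TEAM": ["L2USER1", "L2USER2", "L2USER3"],
}
SYMBOLS = "!@#$%^&*"


def temp_password(length=20):
    """Random first-login password containing lower, upper, digit and symbol."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(c in SYMBOLS for c in pw)):
            return pw


def create_console_user(iam, name, policy_arns=(), groups=(), programmatic=False):
    """Create a console user; its permissions come only from policies and groups."""
    iam.create_user(UserName=name)
    # PasswordResetRequired forces the password change the article does at first login.
    iam.create_login_profile(UserName=name, Password=temp_password(),
                             PasswordResetRequired=True)
    if programmatic:  # "Programmatic access" means an access key, not a password
        iam.create_access_key(UserName=name)
    for arn in policy_arns:
        iam.attach_user_policy(UserName=name, PolicyArn=arn)
    for group in groups:
        iam.add_user_to_group(GroupName=group, UserName=name)


def provision(iam):
    """Run the whole procedure: admin teamleader, then each group and its members."""
    create_console_user(iam, "teamleader", policy_arns=[ADMIN], programmatic=True)
    for group, arns in GROUP_POLICIES.items():
        iam.create_group(GroupName=group)
        for arn in arns:
            iam.attach_group_policy(GroupName=group, PolicyArn=arn)
        for user in GROUP_MEMBERS[group]:
            create_console_user(iam, user, groups=[group])


class RecordingIAM:
    """Constructed stand-in for a boto3 IAM client: records every call it receives."""
    def __init__(self):
        self.calls = []

    def __getattr__(self, method):
        def call(**kwargs):
            self.calls.append((method, kwargs))
            return {}
        return call


def summarize(iam):
    """From a RecordingIAM, return (group -> members, principal -> policy ARNs)."""
    members, policies = {}, {}
    for method, kw in iam.calls:
        if method == "add_user_to_group":
            members.setdefault(kw["GroupName"], []).append(kw["UserName"])
        elif method == "attach_group_policy":
            policies.setdefault(kw["GroupName"], []).append(kw["PolicyArn"])
        elif method == "attach_user_policy":
            policies.setdefault(kw["UserName"], []).append(kw["PolicyArn"])
    return members, policies


if __name__ == "__main__":
    import boto3  # real run only; the RecordingIAM rehearsal needs no AWS access
    provision(boto3.client("iam"))
```

Run it once with `provision(RecordingIAM())` and check `summarize()` shows the L1/L2 users carrying no directly attached policies (everything they can do comes from their group), and only teamleader holding AdministratorAccess and an access key; then run `python script.py` with credentials for the teamleader user to apply the same plan for real.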

6. Log in as the User “L1USER1”

Go to the IAM dashboard and copy the IAM users sign-in link.

Paste the copied IAM users sign-in link into another browser.

Specify the username and password, then click on Sign in.

Change the password of the user.

Specify the required password and click on Confirm password change.

We can see the user “L1USER1@ram0302”; click on S3.

Click on Create bucket.

Specify the bucket name “ktexpertsbucket” and click on Create.

We can see the error: Access Denied.

Cause: This user has only read-only access (AmazonS3ReadOnlyAccess through the L1-TEAM group), which is why we got the error. We can only see buckets and objects.

We can't do any activity except read-only ones.

7. Log in as the User “L2USER2”

Go to the IAM dashboard and copy the IAM users sign-in link.

We can see the user “L2USER1@ram0302”; click on S3.

Click on Create bucket.

Specify the bucket name “ktexpertsbucket” and click on Create.

We can see that the bucket has been created successfully.

Note:
We gave S3 full access (AmazonS3FullAccess through the L2-TEAM group) to this user, that's why we are able to create the bucket.
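Steps 6 and 7 show the same request (Create bucket) ending in Access Denied for an L1 user and success for an L2 user. The small model below is an added example for this article, not code from KT Experts or AWS, and reproduces how IAM reaches those two answers: a request is allowed only if some attached statement allows it and nothing explicitly denies it, otherwise it is an implicit deny. The policy documents are constructed, trimmed versions of the managed policies used above (the real ones carry extra statements), DENY_BUCKET_DELETE is a constructed guardrail added to show an explicit Deny beating AmazonS3FullAccess, and only identity-based policies are modelled (no conditions, resource policies, permission boundaries or SCPs).

```python
"""Why L1USER1 gets Access Denied on Create bucket while L2USER1 succeeds.

Added example: a minimal model of IAM identity-policy evaluation
(explicit deny > allow > implicit deny) over the article's groups.
"""
import fnmatch

# Constructed, trimmed versions of the managed policies the article attaches.
S3_READ_ONLY = {"Statement": [{"Effect": "Allow",
                               "Action": ["s3:Get*", "s3:List*", "s3:Describe*"],
                               "Resource": "*"}]}
S3_FULL = {"Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
EC2_READ_ONLY = {"Statement": [{"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}]}
EC2_FULL = {"Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]}
ADMINISTRATOR = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}

# Constructed guardrail (not from the article): an explicit Deny overrides any Allow.
DENY_BUCKET_DELETE = {"Statement": [{"Effect": "Deny", "Action": "s3:DeleteBucket",
                                     "Resource": "*"}]}

# The article's layout: groups carry the policies, users inherit through membership.
GROUP_POLICIES = {"L1-TEAM": [S3_READ_ONLY, EC2_READ_ONLY],
                  "L2-TEAM": [S3_FULL, EC2_FULL]}
USER_GROUPS = {"L1USER1": ["L1-TEAM"], "L2USER1": ["L2-TEAM"], "teamleader": []}
USER_POLICIES = {"teamleader": [ADMINISTRATOR]}  # attached directly in step 2


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    # IAM action names are case-insensitive; '*' and '?' wildcards are allowed.
    return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in _as_list(patterns))


def evaluate(policies, action, resource="*"):
    """Return 'explicit deny', 'allow' or 'implicit deny' for one request."""
    decision = "implicit deny"
    for doc in policies:
        for stmt in doc["Statement"]:
            if not _matches(stmt["Action"], action):
                continue
            if not _matches(stmt.get("Resource", "*"), resource):
                continue
            if stmt["Effect"] == "Deny":
                return "explicit deny"  # a Deny wins regardless of any Allow
            decision = "allow"
    return decision


def effective_policies(user):
    """Policies attached directly to the user plus those inherited from its groups."""
    docs = list(USER_POLICIES.get(user, []))
    for group in USER_GROUPS.get(user, []):
        docs.extend(GROUP_POLICIES[group])
    return docs


def can(user, action, resource="*"):
    return evaluate(effective_policies(user), action, resource) == "allow"


if __name__ == "__main__":
    bucket = "arn:aws:s3:::ktexpertsbucket"
    for user in ("L1USER1", "L2USER1", "teamleader"):
        for action in ("s3:ListAllMyBuckets", "s3:CreateBucket",
                       "ec2:RunInstances", "iam:CreateUser"):
            print(f"{user:10} {action:20} "
                  f"{evaluate(effective_policies(user), action, bucket)}")
```

The Access Denied in step 6 is an implicit deny: nothing in AmazonS3ReadOnlyAccess matches s3:CreateBucket, so the request never reaches an Allow. Attaching a Deny statement such as DENY_BUCKET_DELETE alongside AmazonS3FullAccess is how a team can keep L2 users' full access while still blocking one destructive action, because the explicit Deny is checked first.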


Thank you for giving your valuable time to read the above information.
Follow us on 
Website  www.ktexperts.com
Facebook Page KTexperts
Linkedin Page : KT EXPERTS

Follow Me
Ramesh’s Linkedin : Ramesh Atchala

Note: Please test scripts in Non Prod before trying in Production.