
Daja Wages

ITS 2400
April 17, 2021
Professor Jacobs

Lab 1: Introduction to AWS IAM


 
Overview:
AWS Identity and Access Management (IAM) is a web service that
enables Amazon Web Services (AWS) customers to manage users and
user permissions in AWS. With IAM, you can centrally
manage users, security credentials such as access keys,
and permissions that control which AWS resources users can access.

Objectives:

In this lab, you will:

1. Explore pre-created IAM Users and Groups
2. Inspect IAM policies as applied to the pre-created groups
3. Follow a real-world scenario, adding users to groups with specific
capabilities enabled
4. Locate and use the IAM sign-in URL
5. Experiment with the effects of policies on service access

Instructions:
Follow instructions per the lab instructions provided as a Word document
but also readily available to you in the AWS lab online.
Complete questions (Q#) as requested below, making sure that you
address the specific questions asked. (20 points)
Complete screenshots (SS#) as described for each below, making sure
that you include: (5 screenshots at 4 points each for a total of 20 points)
1. The URL at the top of the screen.
2. The navigation pane to the left.
3. The content pane (the majority of the screenshot).
4. The task bar (typically at the bottom of the screen)
5. Date and time (PC is typically in the lower right, a Mac is typically in
the upper right).
6. Text editor (such as Notepad) with your name in the screenshot,
making sure that you do not cover up the information that needs to be
graded.

Lab Sheet:
Q1: What is the overall purpose of AWS Identity and Access
Management (IAM)?
To manage the users, their access, roles and permissions

Q2: How does IAM control user access?
By assigning them their own unique security credentials.
Q3: What is the difference between a role and a user?
A role is not intended to be associated to only one person and can be used
by anyone who needs it. A User is assigned to one person and only they
have access to that account.
Q4: What does identity federation provide users?
It allows users in a business to access AWS Management Console, to call
APIs and to gain access to resources without needing a user account.
Q5: In IAM, you have multiple tabs. In the Security credentials tab,
what option(s) do you have for the console password?
The options to choose from include an existing password, an
autogenerated or a custom password.
Q6: What are Managed Policies and how do they work?
Managed policies are pre-existing policies built by AWS itself or by
administrators. If policies are changed, they go into effect immediately
and apply to all of the users and groups within a policy.
Q7: What is a policy in general?
A policy is a principle of action proposed by an individual, party, business,
etc.
SS1: Task 1, Step 14. Show the policy pop-up screen with effects, actions,
and resources of the managed IAM Policy.
Q8: What permissions does the AmazonS3ReadOnlyAccess allow?
To get and list resources in Amazon S3.

Q9: What is an Inline Policy?
A policy assigned to just one user or group.

SS2: Task 1, Step 22. Show the policy pop-up screen with the effect,
action, and resource of the Inline Policy.
Q10: Which of the three users has the least restrictive permissions?
EC2-Admin-Policy

SS3: Task 2, Step 31. Show the Groups category with each user having
one member.
Q11: What does a private window prevent? (May need to Google this
one if you are not sure.)

Prevents browsing history, cookies, site data and information entered from
being saved. It also prevents other users on the computer from viewing
your activity.
Q12: What does IAM allow the S3-Support Group to do?
To view a list of Amazon S3 buckets and its contents.

Q13: Why can’t the S3-Support Group see Amazon EC2 instances?
Because they haven’t been assigned to use EC2 permissions.

Q14: Can user 2 see Amazon EC2 instances? Why or why not?

Yes, because User 2 has Read-only permissions.

SS4: Task 3, Step 47. After logging in as user 2, show your screen after
clicking Yes, Stop in order to stop the EC2 instance.

Q15: How do you know that you cannot perform an action because of
a policy?
You will get an error stating that you are not authorized.
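
The behaviour seen in Q12 through Q15 follows from how IAM evaluates policy statements: a request is denied unless some statement allows it, and a matching Deny always wins. The sketch below is an added example, not part of the lab materials; the policy documents are constructed, simplified stand-ins (identity-based statements only, no conditions), and `user2-read-only` is a hypothetical name.

```python
from fnmatch import fnmatchcase

# Constructed, simplified stand-ins for the lab's policies; these are NOT the
# real AWS policy documents. "user2-read-only" is a hypothetical name.
POLICIES = {
    "S3-Support": [
        {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"},
    ],
    "user2-read-only": [
        {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
    ],
    "EC2-Admin-Policy": [
        {"Effect": "Allow",
         "Action": ["ec2:Describe*", "ec2:StartInstances", "ec2:StopInstances"],
         "Resource": "*"},
    ],
}

def _as_list(value):
    return [value] if isinstance(value, str) else list(value)

def _action_matches(patterns, action):
    # Action names are case-insensitive; '*' is a wildcard.
    return any(fnmatchcase(action.lower(), p.lower()) for p in _as_list(patterns))

def _resource_matches(patterns, resource):
    return any(fnmatchcase(resource, p) for p in _as_list(patterns))

def evaluate(statements, action, resource="*"):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"          # nothing is allowed until a statement says so
    for st in statements:
        if not (_action_matches(st["Action"], action)
                and _resource_matches(st["Resource"], resource)):
            continue
        if st["Effect"] == "Deny":
            return "ExplicitDeny"      # a matching Deny always wins
        decision = "Allow"
    return decision

def is_authorized(policy_name, action, resource="*"):
    return evaluate(POLICIES[policy_name], action, resource) == "Allow"
```

An `ImplicitDeny` result corresponds to the "not authorized" error described in Q15: no statement denied the request, but none allowed it either.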
Q16: You are often reminded in the lab about checking to make sure
that you are using a specific region. Why does the Region matter?

It matters because it depends on the region that was chosen or at default
from the start of the lab.
SS5: Task 3, Step 57. After logging in as user 3, show your screen after
clicking Yes, Stop in order to stop the EC2 instance (show the stopping
state).
Q17: Why is it important to stop services, in this case the EC2 instance, at
the end of a lab or when a job function is completed?

So that the instance will shut down.

Use the following website to address the remaining questions,
comparing AWS, Azure, and Google:
https://intellipaat.com/blog/aws-vs-azure-vs-google-cloud/

Q18: AWS EC2 is Amazon’s cloud computing machine, while Microsoft
Azure uses Virtual Machines and the Google Cloud Platform uses Google
Compute Engine.
Q19: Amazon S3 is Amazon’s object storage solution, while Microsoft
Azure uses Blob Storage and the Google Cloud Platform uses Google
Cloud Storage.
Q20: As you can see, each of the cloud vendors offers solutions to meet
similar needs. And each vendor offers four storage services. These storage
services include object storage, virtual server disks, cold storage and
file storage.
