
Mohit Sharma

Roll No: SG19825


BE IT 6th Semester
Subject: Data Warehouse

Data Warehousing and AWS Practical File

Submitted To: Gurpinder Sir


INDEX

Experiment No. 1
Aim: Create a simple table in MS Excel Worksheet.

Experiment No. 2
Aim: Create a sales table for any company and perform these operations: Calculate total sales, compare the sales quarterly and yearly.

Experiment No. 3
Aim: Implementing various Excel functions such as MAX, SUM, AVERAGE etc.

Experiment No. 4
Aim: To make an OLAP cube in MS Excel.

Experiment No. 5
Aim: To create a table in MS Access.

Experiment No. 6
Aim: To create a form in Microsoft Access.

Experiment No. 7
Aim: To create various types of queries in the MS Access database.

Experiment No. 8
Aim: To Create a MS Access Report of Access Database.

Experiment No. 9
Aim: To learn more about AWS EC2 instances and steps to create an EC2 Instance.

Experiment No. 10
Aim: To study more about Identity and Access Management in AWS and learn how to set it up or use it.

Experiment No. 1

Aim: Create a simple table in MS Excel Worksheet.

Theory

Microsoft Excel is a spreadsheet application program written by Microsoft. It mainly comprises tabs, groups of commands and worksheets, and is mainly used to store tabular data. Microsoft Excel is one of the most suitable spreadsheet programs for managing data and creating visually clear charts and thought-provoking graphs. Microsoft Excel is supported on both Mac and PC platforms. It can also be used to balance a checkbook, create an expense document, and build and edit formulas.

Features of MS Excel:
• Auto sum
• List Autofill
• Autofill
• Auto shapes
• Wizard
• Charts
• PivotTable
• Shortcut Menus

Steps to create a spreadsheet:

• Open Microsoft Excel and click the blank workbook.
• Enter data by selecting the cells and entering the required data.
• By default, when you create a table in Excel, all cells are formatted with a black font. You can change the color of the font within any cell.
• To change the font color in a cell, select the text whose color you wish to change, go to the Home tab and choose a color from the color tab.

Steps using images

How to Create a Table in Excel

You have two ways to create a table in Microsoft Excel. The only noticeable difference is if
you want to apply a specific color style to the table.

Create a Table With Style

If you’d like to use a fancy color scheme, follow along with this method to create your table.

Select the range of cells in your spreadsheet that you want to convert to a table and open the
“Home” tab. Click the “Format as Table” drop-down box in the ribbon and choose the style
you’d like to use.

Fig 1.1

Create a Basic Table


If the color of the table isn’t a concern, you can simply insert a basic table. This will still apply
alternating colors to the rows, just in the default blue and white color scheme.

Select the range of cells that you want to convert, open the “Insert” tab, and click “Table” in the
ribbon.

Fig 1.2

Confirm the Cells and Apply Headers

Using either of the above methods, a pop-up window will appear next. Here, you can confirm or
edit the range of cells. If you plan to add more data to the table, you may want to include more
rows or columns from the start.

You can either manually edit the cell range in the box or drag your cursor through the area
on your sheet while the window remains on the screen.

If you want to use your own header row for the table, check the box for “My Table Has
Headers” and click “OK” when you finish.
Fig 1.3

If you do not check the box to use table headers, Microsoft Excel will assign them by default as
Column 1, Column 2, and so on, which you can edit if you wish. Just note that if you do have a
header row but choose not to use the feature, that row will then be treated as data, which
affects your table filtering.

How to Customize Your Excel Table

Now that you have your table, you can customize it. Select any cell in the table and you’ll see the
“Table Design” tab appear above the ribbon. Open that tab and check out the following options.

Table name

Each table you create is given a default name of Table 1, Table 2, and so on. You can give
your table a more meaningful name, which is helpful if you plan to reference it in your
workbook. Enter the name you want to use in the “Table Name” field.
Fig 1.4

Show or hide rows, columns, and buttons

In the center of the ribbon are checkboxes to show things like a total row, the first and
last columns, and the filter button. Check the boxes for the items that you want to display.

Table style

Whether you started your table with a particular style or just used the default, you can change it
here. On the right side of the ribbon, use the arrows to view and then select a color scheme.

Fig 1.5

This is how you can make your table:


Fig 1.6
Experiment No. 2

Aim: Create a sales table for any company and perform these operations:
Calculate total sales, compare the sales quarterly and yearly.

Theory

Functions used:

SUM: Use the SUM function in Excel to sum a range of cells, an entire column or noncontiguous cells. To create awesome SUM formulas, combine the SUM function with other Excel functions. The SUM function adds values. You can add individual values, cell references or ranges, or a mix of all three. For example:

1. =SUM(A2:A10) Adds the values in cells A2:A10.
2. =SUM(A2:A10, C2:C10) Adds the values in cells A2:A10, as well as cells C2:C10.

Fig 2.1

MAX: MAX(number1, [number2], ...)

The MAX function syntax has the following arguments: number1, number2, ... Number1 is required, subsequent numbers are optional. You can supply 1 to 255 numbers for which you want to find the maximum value.

Output

Fig 2.2

Calculating total

Fig 2.3
Experiment No. 3

Aim: Implementing various Excel functions such as MAX, SUM, AVERAGE etc.

Theory

Excel provides various functions in different categories (Financial, Date & Time, Math, Stats, Logical, etc.).

Some of the most used are:

SUM

The first Excel function you should be familiar with is the one that performs the basic arithmetic operation of addition:

SUM(number1, [number2], …)

In the syntax of all Excel functions, an argument enclosed in [square brackets] is optional; other arguments are required. This means your SUM formula should include at least 1 number, reference to a cell or a range of cells. For example:

=SUM(B2:B6) - adds up values in cells B2 through B6.

=SUM(B2, B6) - adds up values in cells B2 and B6.

If necessary, you can perform other calculations within a single formula, for example, add up values in cells B2 through B6, and then divide the sum by 5:

=SUM(B2:B6)/5

To sum with conditions, use the SUMIF function: in the 1st argument, you enter the range of cells to be tested against the criteria (A2:A6), in the 2nd argument the criteria itself (D2), and in the last argument the cells to sum (B2:B6):

=SUMIF(A2:A6, D2, B2:B6)

AVERAGE

The Excel AVERAGE function does exactly what its name suggests, i.e. finds an average, or arithmetic mean, of numbers. Its syntax is similar to SUM's:

AVERAGE(number1, [number2], …)

Having a closer look at the formula from the previous section (=SUM(B2:B6)/5), what does it actually do? It sums values in cells B2 through B6, and then divides the result by 5. And what do you call adding up a group of numbers and then dividing the sum by the count of those numbers? Yep, an average!

The Excel AVERAGE function performs these calculations behind the scenes. So, instead of dividing sum by count, you can simply put this formula in a cell:

=AVERAGE(B2:B6)

To average cells based on a condition, use the following AVERAGEIF formula, where A2:A6 is the criteria range, D3 is the criteria, and B2:B6 are the cells to average:

=AVERAGEIF(A2:A6, D3, B2:B6)

MAX & MIN

The MAX and MIN formulas in Excel get the largest and smallest value in a set of numbers, respectively. For our sample data set, the formulas will be as simple as:

=MAX(B2:B6)

=MIN(B2:B6)

COUNT & COUNTA

If you are curious to know how many cells in a given range contain numeric values (numbers or dates), don't waste your time counting them by hand. The Excel COUNT function will bring you the count in a heartbeat:

COUNT(value1, [value2], …)

While the COUNT function deals only with those cells that contain numbers, the COUNTA function counts all cells that are not blank, whether they contain numbers, dates, times, text, logical values of TRUE and FALSE, errors or empty text strings (""):

COUNTA(value1, [value2], …)

IF

Judging by the number of IF-related comments on our blog, it's the most popular function in Excel. In simple terms, you use an IF formula to ask Excel to test a certain condition and return one value or perform one calculation if the condition is met, and another value or calculation if the condition is not met:

IF(logical_test, [value_if_true], [value_if_false])

For example, the following IF statement checks if the order is completed (i.e. there is a value in column C) or not. To test if a cell is not blank, you use the "not equal to" operator (<>) in combination with an empty string (""). As a result, if cell C2 is not empty, the formula returns "Yes", otherwise "No":

=IF(C2<>"", "Yes", "No")

AND & OR

These are the two most popular logical functions to check multiple criteria. The difference is how they do this:

• AND returns TRUE if all conditions are met, FALSE otherwise.

• OR returns TRUE if any condition is met, FALSE otherwise.

While rarely used on their own, these functions come in very handy as part of bigger formulas.

For example, to check the test results in columns B and C and return "Pass" if both are greater than 60, "Fail" otherwise, use the following IF formula with an embedded AND statement:

=IF(AND(B2>60, C2>60), "Pass", "Fail")

This is how you can access functions in Excel.

Fig 3.1
Experiment No.4

Aim: To make an OLAP cube in MS Excel.

Theory

OLAP

OLAP stands for On-Line Analytical Processing. OLAP is a category of software technology that enables analysts, managers, and executives to gain insight into information through fast, consistent, interactive access to a wide variety of possible views of data that has been transformed from raw information to reflect the real dimensionality of the enterprise as understood by the clients.

OLAP implements the multidimensional analysis of business information and supports the capability for complex estimations, trend analysis, and sophisticated data modeling. It is rapidly becoming the essential foundation for Intelligent Solutions, including Business Performance Management, Planning, Budgeting, Forecasting, Financial Documenting, Analysis, Simulation Models, Knowledge Discovery, and Data Warehouse Reporting. OLAP enables end clients to perform ad hoc analysis of records in multiple dimensions, providing the insight and understanding they require for better decision making.

Steps to make the OLAP cube:

• Create a raw data table.

• Copy the data from the above table and paste it into another worksheet.

• Now select anywhere in the table, go to the Insert tab and click Pivot table; you can also check the recommended pivot tables.

Fig 4.1

• Now create three pivot tables according to your data.

Fig 4.2

• Select the fields, add the content to the row, table or values column, and add a filter to it.

• The three pivot tables here are: Product Category by Year Quarters, Year Quarters by Sections, and by Count of Sections.

• Now remove the grand total from all three tables.

Fig 4.3

• To remove the drop-down, select any cell, type = followed by the cell number (=cell number) and press Enter.

• Drag and format the values, and update all three pivots in the same way.

• Cut these new tables and paste them into another worksheet, then change the borders and the cell color from cell formatting.

Fig 4.4

• Copy the tables, paste them as pictures in the same sheet and change their rotations.

• Arrange them so that they form a cube, as shown below.

OUTPUT

Fig 4.5
Experiment No. 5

Aim: To create a table in MS Access.

Theory

Microsoft Access is a Database Management System (DBMS) from Microsoft that combines the
relational Microsoft Jet Database Engine with a graphical user interface and software
development tools. It is a part of the Microsoft Office suite of applications, included in the
professional and higher editions. This is an introductory tutorial that covers the basics of MS
Access.

Steps to create a simple table:

● Open MS Access and you will see the following screen in which different
Access database templates are displayed.

Fig 5.1

● Select a blank database and Access will create a new blank database and will open up
the table which is also completely blank.
Fig 5.2

● Now click on the create button & then a screen appears showing id and field name.

Fig 5.3

● Now click on the design table; a screen then appears showing field name, data type & description.
● Here the data type is the form in which input is taken & the field name is the column name.

Fig 5.4

● Make one field the primary key by selecting the Primary Key option.
● Choose the field names and their respective data types.
● Click OK and a blank database appears.

Fig 5.5

● Enter the data


Fig 5.6

OUTPUT

Fig 5.7
Experiment No. 6

Aim: To create a form in Microsoft Access.

Theory

Forms in Access are like display cases in stores that make it easier to view or get the items that you want. Since forms are objects through which you or other users can add, edit, or display the data stored in your Access desktop database, the design of your form is an important aspect. There's a lot you can do design-wise with forms in Microsoft Access.

You can create two basic types of forms:

● Bound forms: Bound forms are connected to some underlying data source such as a table, query, or SQL statement.
● Unbound forms: These forms are not connected to an underlying record or data source.

Steps for Creating a Form:

● Open your database and go to the Create tab and click on The Form Wizard option.
● You can change the Form view to enter the records from the Home tab from the left
upper corner.

Designing the Form

● Go to create tab & click on Form wizard and then the following screen appears.
● Now select the fields to show on the form by clicking on >> button.
● Otherwise, if you don’t need one of the selected fields, click on the < button. Now click on Next.

Fig 6.1

● Then the following screen appears where you can select which type of form you want to
make. We will select columnar and click on the next.
Fig 6.2

● Now a screen appears through which you can change the name of the form and select the
Modify the form’s Design radio button to modify the form and click on finish.

Design View:

● To change the background color of boxes or text select the boxes and by right
clicking you will get various options for styling and coloring the boxes and text.

Fig. 6.3
● To add buttons to your form, go to the Design tab and click on the Button tool & then
you can draw your button anywhere in the design area. Now the following Command
Button Wizard Screen appears.
● From this screen you can select which type of buttons you want to add. Now we select
Record Operations and on the right side we select Add New Record & then click on
Next button. Then the following screen appears.
● This will ask for the name of the button or to put an image in place of the button and click
on finish.
● Similarly, we can add different buttons like Save Record, Last Record, First Record,
Next Record & Previous record.
● Now you can add a chart also by clicking on the chart button from the design tab.
● Now you can finally view your form by clicking on Form View from Home Tab.

Output:

Fig 6.4
Experiment No. 7

Aim: To create various types of queries in the MS Access database.

Theory

Query: A query is a request for information from the database tables. Simple queries are those that retrieve data from a single table.

Steps involved in using various types of queries:

● First we add up a Salary column in our EmpTable by using the Design view of the
table. Now the table used for applying queries is given below.
● To start querying go to the Create tab and click on the Query Wizard. Now the
following screen appears.

Fig 7.1

● Now select Simple Query Wizard and click OK. Then the following screen appears. In
this step you can choose a table in which you have to apply queries. And you can also
choose fields on which you have to apply queries using the >> button. We will select
all fields to right side and click on Next. Then the following screen appears.
Fig 7.2

● In this step you can change the name of the query & we will select Modify the Query
Design and click on Finish. Now the following screen appears

Fig 7.3

In the above screen various columns appear. In the row named Criteria we can write our queries. E.g. if we want to get the names of the employees whose name starts with the letter M, we can write our query in the First Name column. The MS Access engine automatically converts the written query into its defined syntax: Like "M*". To execute the above query, go to the Design tab & click on the Run button.

● To make a query for the Salary column, let us suppose we have to find out which employees are paid greater than 20,000. Now go to the pay column and write the query in the Criteria row.
● Query: >= 20000

Fig 7.4

● If you want to add an extra column specifying an expression, e.g. Bonus, go to the Design tab and click on the Builder. Then the following screen appears. In this screen we can write the name of the column; note that the name of the column should be followed by a colon, e.g. Bonus:, and any column name used after that should be in [], e.g. [pay]. Expression for Bonus: Bonus: ([Pay]*50). Then click on OK. Now you can see a column is added to the table.
● To execute the above query, go to the Design tab & click on the Run button.

Experiment No. 8

Aim: To Create a MS Access Report of Access Database.

Theory

Reports offer a way to view, format, and summarize the information in your Microsoft Access
database. For example, you can create a simple report of phone numbers for all your contacts, or
a summary report on the total sales across different regions and time periods.

● A report consists of information that is pulled from tables or queries, as well as information that is stored with the report design, such as labels, headings, and graphics.
● The tables or queries that provide the underlying data are also known as the report's
record source.
● If the fields that you want to include all exist in a single table, use that table as the record
source.
● If the fields are contained in more than one table, you need to use one or more queries as
the record source.

You can:

● Create a simple report
● Create a grouped or summary report
● Design reports
● Use sub reports
● Use a query as the record source for a form or report
● Modify, edit or change a report
● Set the record source for a report
● Summing
● Counting

Steps: You can use a query to supply data to a form or report in Access. You can use a query
when you create the form or report, or you can change an existing form or report by setting its
Record Source property. When you set the Record Source property, you can either specify an
existing query, or you can create a new query to use.

Create a simple report, by going to create tab and clicking on Report:

Fig 8.1

In Design view, set the Record Source property to an existing query that you want to use.

Fig 8.2

1. Open the form or report in Design view. If the property sheet is not already open,
press F4 to open it.
2. In the property sheet, on the Data tab, click the Record Source property box.
Fig 8.3

3. Do one of the following:

1. Start typing the name of the query that you want to use. Access automatically fills
in the name of the object as you type.

OR

2. Click the arrow and then select the query that you want to use.
Experiment No. 9

Aim: To learn more about AWS EC2 instances and steps to create an EC2
Instance.
Theory

Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the
Amazon Web Services (AWS) Cloud. Using Amazon EC2 eliminates your need to invest in
hardware up front, so you can develop and deploy applications faster. You can use Amazon EC2
to launch as many or as few virtual servers as you need, configure security and networking, and
manage storage. Amazon EC2 enables you to scale up or down to handle changes in
requirements or spikes in popularity, reducing your need to forecast traffic.

Features of Amazon EC2

Amazon EC2 provides the following features:

● Virtual computing environments, known as instances

● Preconfigured templates for your instances, known as Amazon Machine Images (AMIs),
that package the bits you need for your server (including the operating system and
additional software)
● Various configurations of CPU, memory, storage, and networking capacity for
your instances, known as instance types
● Secure login information for your instances using key pairs (AWS stores the public
key, and you store the private key in a secure place)
● Storage volumes for temporary data that's deleted when you stop, hibernate, or terminate
your instance, known as instance store volumes
● Persistent storage volumes for your data using Amazon Elastic Block Store (Amazon
EBS), known as Amazon EBS volumes
● Multiple physical locations for your resources, such as instances and Amazon
EBS volumes, known as Regions and Availability Zones
● A firewall that enables you to specify the protocols, ports, and source IP ranges that
can reach your instances using security groups
● Static IPv4 addresses for dynamic cloud computing, known as Elastic IP addresses
● Metadata, known as tags, that you can create and assign to your Amazon EC2 resources
● Virtual networks you can create that are logically isolated from the rest of the
AWS Cloud, and that you can optionally connect to your own network, known as
virtual private clouds (VPCs).

EC2 history

EC2 was the idea of engineer Chris Pinkham who conceived it as a way to scale
Amazon's internal infrastructure. Pinkham and engineer Benjamin Black presented a
paper on their ideas to Amazon CEO Jeff Bezos, who liked what he read and
requested details on virtual cloud servers.

EC2 was then developed by a team in Cape Town, South Africa. Pinkham provided
the initial architecture guidance for EC2, gathered a development team and led the
project along with Willem van Biljon.

In 2006, Amazon announced a limited public beta test of EC2, and in 2007 added two
new instance types -- Large and Extra-Large. Amazon announced the addition of static
IP addresses, availability zones, and user selectable kernels in spring 2008, followed
by the release of the Elastic Block Store (EBS) in August.

Amazon EC2 went into full production on October 23, 2008. Amazon also released a
service level agreement (SLA) for EC2 that day, along with Microsoft Windows and
SQL Server in beta form on EC2. Amazon added the AWS Management Console, load
balancing, autoscaling, and cloud monitoring services in 2009.

As of 2019, EC2 and Amazon Simple Storage Service (S3) are the most popular of
Amazon's AWS products.

How EC2 works


To begin using EC2, developers sign up for an account at Amazon's AWS website.
They can then use the AWS Management Console, the AWS Command Line Tools
(CLI), or AWS Software Developer Kits (SDKs) to manage EC2.

A developer then chooses EC2 from the AWS Services dashboard and 'launch instance' in
the EC2 console. At this point, they select either an Amazon Machine Image (AMI)
template or create an AMI containing an operating system, application programs, and
configuration settings. The AMI is then uploaded to the Amazon S3 and registered with
Amazon EC2, creating an AMI identifier. Once this has been done, the subscriber can
requisition virtual machines on an as-needed basis.

Data only remains on an EC2 instance while it is running, but a developer can use an
Amazon Elastic Block Store volume for an extra level of durability and Amazon S3
for EC2 data backup.

VM Import/Export allows a developer to import on-premises virtual machine images to Amazon EC2, where they are turned into instances.

EC2 also offers Amazon CloudWatch which monitors Amazon cloud applications and
resources, allowing users to set alarms, view graphs, and get statistics for AWS data;
and AWS Marketplace, an online store where users can buy and sell software that runs
on AWS.

Launching an EC2 instance

1. Sign in to the preview version of the AWS Management Console


2. Open the Amazon EC2 console by choosing EC2 under Compute.
3. From the EC2 Console, click Launch Instance.

Fig 9.1

4. The Choose an Amazon Machine Image (AMI) page displays a list of basic
configurations called Amazon Machine Images (AMIs) that serve as templates for your
instance. Select the HVM edition of the Amazon Linux 2 AMI.

Fig 9.2
5. On the Choose an Instance Type page, choose c5d.xlarge as the hardware
configuration of your instance and Review and Launch.

Fig 9.3

6. On the instance details page, make sure Auto-assign Public IP is set to Enable and that Enclave is set to Enable. Click on Next: Add Storage.

Fig 9.4

7. Review the configurations and click Next: Add Tags. The ephemeral0 device is the Instance Storage based on NVMe SSD.

Fig 9.5

8. A tag consists of a case-sensitive key-value pair. For example, you could define a tag
with key = Name and value = Webserver. Add a tag and click Next: Configure Security
Group

Fig 9.6

9. A security group is a set of firewall rules that control the traffic for your instance. On this page, you can add rules to allow specific traffic to reach your instance. For example, if you want to set up a web server and allow Internet traffic to reach your instance, add rules that allow unrestricted access to the HTTP and HTTPS ports. Give the security group a name and description. For the SSH rule, select My IP as the source to avoid exposing SSH port 22 to the world. Click Review and Launch.

Fig 9.7

10. Review Instance Launch and click Launch

Fig 9.8
11. In the Select an existing key pair or create a new key pair dialog box, choose Create a new key pair, enter a name for the key pair, and then choose Download Key Pair. This is the only chance for you to save the private key file, so be sure to download it. Save the private key file in a safe place. You can use C:\user\yourusername\.ssh\myfirstkey.pem if you are on a Windows machine, and ~/.ssh/myfirstkey.pem if you are on a Mac or Linux machine. You need to provide the name of your key pair when you launch an instance, and the corresponding private key each time you connect to the instance.

Fig 9.9

12. A confirmation page lets you know that your instance is launching. Choose View
Instances to close the confirmation page and return to the console.

On the Instances page, you can view the status of your instance. It takes a short time for an instance to launch. When you launch an instance, its initial state is pending. After the instance starts, its state changes to running, and it receives a public DNS name.
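
An added example (not from the original file or from AWS) that checks security group rules against the guidance in step 9: HTTP and HTTPS may be open to everyone, while anything else, such as SSH port 22, should not be. The rule dictionaries are constructed sample data in the shape the EC2 API returns as `IpPermissions`; the group IDs, addresses and function names are assumptions.

```python
import ipaddress

# Ports the page deliberately opens to everyone for a web server.
PUBLIC_OK_TCP_PORTS = {80, 443}

# Constructed sample data in the shape of the EC2 API's IpPermissions list.
# Group IDs and addresses are placeholders (203.0.113.0/24 is a documentation range).
GROUP_AS_DESCRIBED = {
    "GroupId": "sg-EXAMPLE-good",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        # "My IP" in the console becomes a single-address /32 source.
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.25/32"}], "Ipv6Ranges": []},
    ],
}

GROUP_TOO_OPEN = {
    "GroupId": "sg-EXAMPLE-open",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1",
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ],
}


def world_open_cidrs(rule):
    """Return the rule's source ranges that cover every address (prefix length 0)."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return [c for c in cidrs
            if ipaddress.ip_network(c, strict=False).prefixlen == 0]


def audit_ingress(group):
    """List (group id, protocol, port range, source) for world-open non-web rules."""
    findings = []
    for rule in group["IpPermissions"]:
        proto = rule["IpProtocol"]
        if proto == "-1":                  # all protocols, all ports
            lo, hi = 0, 65535
        elif proto in ("tcp", "udp"):
            lo, hi = rule["FromPort"], rule["ToPort"]
        else:                              # ICMP etc. carry no port numbers
            continue
        # Only TCP rules limited to 80/443 are acceptable with a 0.0.0.0/0 source.
        web_only = proto == "tcp" and all(
            p in PUBLIC_OK_TCP_PORTS for p in range(lo, hi + 1))
        if web_only:
            continue
        for cidr in world_open_cidrs(rule):
            findings.append((group["GroupId"], proto, f"{lo}-{hi}", cidr))
    return findings


if __name__ == "__main__":
    for g in (GROUP_AS_DESCRIBED, GROUP_TOO_OPEN):
        print(g["GroupId"], audit_ingress(g) or "no world-open non-web rules")
```
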
Experiment No. 10
Aim: To study more about Identity and Access Management in AWS and
learn how to set it up or use it.

Theory

“AWS Identity and Access Management (IAM) provides fine-grained access control across all of AWS. With IAM, you can specify who can access which services and resources, and under which conditions. With IAM policies, you manage permissions to your workforce and systems to ensure least-privilege permissions.”

How it works

With IAM, you define who can access what by specifying fine-grained permissions. IAM then
enforces those permissions for every request. Access is denied by default and access is
granted only when permissions specify an "Allow."

Fig 10.1

AWS Identity and Access Management (IAM) is a web service that helps you securely control
access to AWS resources. You use IAM to control who is authenticated (signed in) and
authorized (has permissions) to use resources.

When you first create an AWS account, you begin with a single sign-in identity that has
complete access to all AWS services and resources in the account. This identity is called the
AWS account root user and is accessed by signing in with the email address and password that
you used to create the account. We strongly recommend that you do not use the root user for
your everyday tasks, even the administrative ones. Instead, adhere to the best practice of using
the root user only to create your first IAM user. Then securely lock away the root user
credentials and use them to perform only a few account and service management tasks.

IAM features

IAM gives you the following features:

Shared access to your AWS account

You can grant other people permission to administer and use resources in your AWS
account without having to share your password or access key.

Granular permissions

You can grant different permissions to different people for different resources. For example,
you might allow some users complete access to Amazon Elastic Compute Cloud (Amazon
EC2), Amazon Simple Storage Service (Amazon S3), Amazon DynamoDB, Amazon Redshift,
and other AWS services. For other users, you can allow read-only access to just some S3
buckets, or permission to administer just some EC2 instances, or to access your billing
information but nothing else.

Secure access to AWS resources for applications that run on Amazon EC2

You can use IAM features to securely provide credentials for applications that run on
EC2 instances. These credentials provide permissions for your application to access other
AWS resources. Examples include S3 buckets and DynamoDB tables.

Multi-factor authentication (MFA)

You can add two-factor authentication to your account and to individual users for extra
security. With MFA you or your users must provide not only a password or access key to work
with your account, but also a code from a specially configured device.

Identity federation

You can allow users who already have passwords elsewhere—for example, in your corporate
network or with an internet identity provider—to get temporary access to your AWS account.

Identity information for assurance

If you use AWS CloudTrail, you receive log records that include information about those who
made requests for resources in your account. That information is based on IAM identities.

PCI DSS Compliance

IAM supports the processing, storage, and transmission of credit card data by a merchant or
service provider, and has been validated as being compliant with Payment Card Industry (PCI)
Data Security Standard (DSS). For more information about PCI DSS, including how to request a
copy of the AWS PCI Compliance Package, see PCI DSS Level 1.

Integrated with many AWS services

For a list of AWS services that work with IAM, see AWS services that work with IAM.

Components of IAM
Fig 10.2

IAM has a few basic components. First, we have the user; many users together form a group. Policies are the engines that allow or deny access. Roles provide temporary credentials that can be assumed by an instance as needed.

Users
An IAM user is an identity with an associated credential and permissions attached to it. This
could be an actual person who is a user, or it could be an application that is a user. With IAM,
you can securely manage access to AWS services by creating an IAM user name for each
employee in your organization. Each IAM user is associated with only one AWS account. By
default, a newly created user is not authorized to perform any action in AWS. The advantage of
having one-to-one user specification is that you can individually assign permissions to each
user.

Groups
A collection of IAM users is an IAM group. You can use IAM groups to specify permissions for
multiple users so that any permissions applied to the group are applied to the individual users in
that group as well. Managing groups is quite easy. You set permissions for the group, and those
permissions are automatically applied to all the users in the group. If you add another user to the
group, the new user will automatically inherit all the policies and the permissions already
assigned to that group. This lessens the administrative burden.

Policies
An IAM policy sets permissions and controls access to AWS resources. Policies are stored in
AWS as JSON documents. Permissions specify who has access to the resources and what
actions they can perform. For example, a policy could allow an IAM user to access one of the
buckets in Amazon S3. The policy would contain the following information:

1. Who can access it
2. What actions that user can take
3. Which AWS resources that user can access
4. When they can be accessed

In JSON format that would look like this:

Fig 10.3

There are two types of policies: managed policies and inline policies.
1. A managed policy is a default policy that you attach to multiple entities (users,
groups, and roles) in your AWS account. Managed policies, whether they are
AWS-managed or customer-managed, are stand-alone identity-based policies attached to
multiple users and/or groups.
2. Inline policies are policies that you create that are embedded directly into a single
entity (user, group or role).
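
Added example (not part of the original file): a simplified Python model of how the statements
in the policy documents attached to a user, directly or through a group, combine into an allow
or deny decision. The bucket name, object paths and both policies are constructed placeholders;
only wildcard matching and one date condition are modelled, not the full AWS evaluation logic.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample: a policy attached to a group (names are placeholders).
GROUP_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
    "Condition": {"DateLessThan": {"aws:CurrentTime": "2030-01-01T00:00:00Z"}}
  }]
}
""")
# Constructed sample: an inline policy embedded in one user.
USER_INLINE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Deny", "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::example-bucket/payroll/*"}],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, resource, now):
    """True when a statement covers this action, resource and request time."""
    if not any(fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
        return False
    if not any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
        return False
    # Only DateLessThan on aws:CurrentTime is modelled (an assumption of this example).
    limit = stmt.get("Condition", {}).get("DateLessThan", {}).get("aws:CurrentTime")
    return limit is None or now < limit  # same-format UTC strings sort by time

def is_allowed(policies, action, resource, now):
    """Explicit Deny wins, then Allow; no matching statement means implicit deny."""
    effects = {s["Effect"] for p in policies for s in p["Statement"]
               if _matches(s, action, resource, now)}
    return "Deny" not in effects and "Allow" in effects

if __name__ == "__main__":
    now, obj = "2026-01-01T00:00:00Z", "arn:aws:s3:::example-bucket/report.csv"
    print(is_allowed([], "s3:GetObject", obj, now))              # new user, nothing attached
    print(is_allowed([GROUP_POLICY], "s3:GetObject", obj, now))  # inherits group policy
    print(is_allowed([GROUP_POLICY, USER_INLINE_POLICY], "s3:GetObject",
                     "arn:aws:s3:::example-bucket/payroll/may.csv", now))
```

The "who" in an identity-based policy is whichever user, group or role the document is attached
to, which is why the model takes the list of attached policies rather than a principal field.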

Roles

An IAM role is a set of permissions that defines what actions are allowed and denied for an
entity in the AWS console. It is similar to a user in that it can be accessed by any type of
entity (an individual or an AWS service). Role permissions are temporary credentials.

First Steps

The following sections describe how to start using IAM, including how to secure an AWS
account, create IAM users, groups, and policies, and how to prepare for future growth and
change in AWS use.

Securing the IAM Administrator Account

Before granting users the access they need, complete the following steps to move forward
swiftly and securely.
1. Log in with the root account credentials, and configure baseline security settings according to
the AWS Secure Initial Account Setup Solution Brief.
2. Use the IAM console to create a customized console login address. A custom console
address will not only obscure the account number, but it will also provide a more user-friendly
URL for users to use when accessing the AWS console.
3. Create a password policy.
4. Create an IAM Administrators group and assign it the managed policy IAMFullAccess.
5. Create an IAM Administrator user and add it to the IAM Administrators group.
6. Create a password for the IAM Administrator user.
7. Add virtual MFA to the IAM Administrator user.
8. Log out of the account, and log back in using the custom console URL and the new IAM
Administrator credentials.

All new users and processes should now be set up using the new IAM Administrator
account. Lock away the root account credentials and hardware device until needed to
perform an account-level action that requires root credentials.

Creating Users and Groups

With new administrator credentials configured, it’s time to apply the general best practices.
This sounds simple in concept, but can be challenging in actual execution, especially when
starting out. Here are some steps to help get started.
1. Identify the first person to be granted access to AWS infrastructure. Explicitly state
any associated business roles for that person. These business roles should be very
granular and a person can fulfill several business roles.
2. Create an IAM group for each business role.
3. Identify the AWS permissions required to fulfill the tasks of each business role. Create
managed policies for each task and assign them to the appropriate group.
4. Create an IAM user for the person and assign it to the groups representing the appropriate
business roles. Assign a user name and password to the account. If this person needs to
use the CLI or other tools to access the AWS environment, create an access key as well.
5. Complete these steps for all subsequent users, mapping their roles to existing groups and
creating new groups if needed. Watch for situations where the second user fills only part
of an existing role and consider splitting the associated group into two groups.

Fig 10.4
This is how the table will look once you set up users and groups.
