MGS 618: Cloud Computing

Lab 1
Introduction to AWS IAM
This lab focuses on AWS Identity and Access Management (IAM), a web service that enables
AWS customers to manage users and user permissions in AWS. The lab begins with a
demonstration of exploring pre-created IAM users and groups and inspecting IAM policies as
applied to the pre-created groups. It follows a real-world scenario, adding users to groups with
specific capabilities enabled, locating and using the IAM sign-in URL and experimenting with the
effects of policies on service access. IAM can be used to manage IAM users and their access,
manage IAM roles and their permissions, and manage federated users and their permissions.
Make sure you take screenshots of your steps to add to your report.
This lab is to be completed on the AWS Academy Portal; you can find it under Module 4 – AWS
Cloud Security. Begin by clicking Start Lab and, once the environment is ready, click
AWS. It will show you ways to access the lab environment. For ease of use, there is an option
labelled AWS SSO which will provide you with a secure URL.
Note: Each lab session exists for only 2 hours, and after each session the lab gets destroyed and
you have to start over again.
Background
AWS Identity and Access Management (IAM) is a service offered by Amazon Web Services
(AWS) that allows you to manage access to AWS resources securely. IAM provides a centralized
way to control access to AWS services and resources, such as EC2 instances, S3 buckets, and RDS
databases. With IAM, you can create and manage AWS users, groups, and roles, and assign
specific permissions to these entities. This allows you to control who can access your AWS
resources, and what actions they can perform. IAM integrates with many other AWS services and
is a fundamental building block for securing your AWS infrastructure. By using IAM, you can
ensure that only authorized users and applications have access to your AWS resources, which helps
to maintain the confidentiality, integrity, and availability of your data.
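The Python sketch below is an added example, not part of the original lab handout. It models in simplified form how IAM decides a request for a user whose permissions come only from group-attached policies: an explicit deny wins, otherwise any matching allow applies, otherwise the request is implicitly denied. The group names, user names and policy documents are constructed for illustration, and only identity-based policies are modeled.

```python
from fnmatch import fnmatchcase

# Constructed sample data: these group names, user names and policies are
# illustrative assumptions, not the ones pre-created in the lab environment.
GROUP_POLICIES = {
    "storage-readers": [{
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow",
                       "Action": ["s3:Get*", "s3:List*"],
                       "Resource": "*"}],
    }],
    "compute-operators": [{
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
            {"Effect": "Deny", "Action": "ec2:TerminateInstances",
             "Resource": "*"},
        ],
    }],
}
GROUP_MEMBERS = {"storage-readers": {"alice"}, "compute-operators": {"bob"}}

def _as_list(value):
    """IAM allows a single string or a list for Action/Resource/Statement."""
    return value if isinstance(value, list) else [value]

def _matches(patterns, value, ignore_case=False):
    """Wildcard match ('*' and '?'); action names compare case-insensitively."""
    if ignore_case:
        value = value.lower()
    return any(fnmatchcase(value, p.lower() if ignore_case else p)
               for p in _as_list(patterns))

def evaluate(user, action, resource):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"  # default: nothing is allowed
    for group, members in GROUP_MEMBERS.items():
        if user not in members:
            continue
        for policy in GROUP_POLICIES[group]:
            for stmt in _as_list(policy["Statement"]):
                if not (_matches(stmt["Action"], action, ignore_case=True)
                        and _matches(stmt["Resource"], resource)):
                    continue
                if stmt["Effect"] == "Deny":
                    return "Deny"  # an explicit deny overrides every allow
                decision = "Allow"
    return decision
```

Calling `evaluate("bob", "ec2:TerminateInstances", ...)` returns `Deny` even though `ec2:*` is allowed in the same policy, which is the behaviour to look for when comparing group policies against what a user can actually do in the console.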
Deliverables
1. Imagine you are an administrator managing the IAM users and groups for a large
organization. What are some challenges you might face in assigning and managing
permissions for a large number of users and groups?

2. Think about a real-world scenario in which you might need to assign permissions to users
and groups in AWS IAM. Describe the process you would follow to ensure that each user
has the appropriate level of access to AWS resources while maintaining security.

3. How do IAM policies work in AWS IAM, and what are the effects of policies on service
access? Can you give an example of a policy and explain its basic structure?

4. In this lab, you were given pre-created IAM users and groups. What are some ways in
which you could create your own IAM users and groups, and how might you manage their
permissions?

5. What is the difference between a managed policy and an inline policy in AWS IAM, and
in what situations might you choose to use one over the other?

6. What is the difference between a user and a role in AWS IAM?

7. Can you explain the concept of least privilege and how it relates to AWS IAM?

8. How can you use IAM groups to manage permissions for multiple users, and what are some
best practices for using IAM groups?

9. Provide a brief executive summary of the lab you completed along with screenshots.
