
SUMMER INTERNSHIP REPORT

CLOUD COMPUTING VIRTUAL INTERNSHIP


And Supported by AWS academy

Submitted by

PARAMATA PRIYA MADHURI


Roll No: 206N1A0536

Department of Computer Science & Engineering

SRINIVASA INSTITUTE OF ENGINEERING & TECHNOLOGY (Autonomous)
(Affiliated to JNTUK University)
(Approved by AICTE / Accredited by NAAC)
NH-216 AMALAPURAM-KAKINADA HIGHWAY, CHEYYERU(V), AMALAPURAM,
E.G. Dt-533216

SRINIVASA
INSTITUTE OF ENGINEERING & TECHNOLOGY
(Approved by AICTE, New Delhi, Permanently affiliated to JNTUK, Kakinada)
(An ISO 9001:2015 Certified Institute, Accredited by NAAC with ‘A’ Grade)
NH-216, Amalapuram-Kakinada Highway, Cheyyeru(V), Amalapuram,
E.G.Dt.

CERTIFICATE

This is to certify that the VIRTUAL INTERNSHIP entitled “CLOUD VIRTUAL INTERNSHIP” is a
bonafide work of PARAMATA PRIYA MADHURI, bearing Roll No: 206N1A0536, submitted in partial
fulfilment of the requirement for the award of the degree of BACHELOR OF TECHNOLOGY IN
COMPUTER SCIENCE AND ENGINEERING during the academic year 2022-2023. This is further
certified that the work done under my guidance, and the results of this work have not been
submitted elsewhere for the award of any of the degrees.

Internal Guide External Examiner Head of the Department

INTERNSHIP CERTIFICATES

ACKNOWLEDGEMENT

It is a great privilege and duty to acknowledge the kind help and guidance
received from several people during this internship; it would not have been
possible without their valuable help, cooperation and guidance. I wish to
record my sincere gratitude to Professor Chaitanya for his constant support, and
I would like to thank AICTE, AWS Academy and Edu Skills foundation for
providing me with a valuable learning experience as a cloud developer intern.
I have gained much practical knowledge about cloud computing, and their
contributions and technical support are greatly acknowledged. I would also
like to thank all my classmates who have extended their cooperation during my
internship.

PARAMATA PRIYA MADHURI
(206N1A0536)

CONFIRMATION MAIL

CONTENTS

1. Certificates
• College
• AICTE
• APSCHE
2. Acknowledgement
3. Confirmation mail
4. Abstract
5. Introduction
6. Amazon Web Services
• EC2
7. S3 (Storage)
• Storage Management
• Access Management and Security
8. Amazon SNS
9. AWS Lambda
10. AWS IAM
11. Screenshots
12. Internship Outcomes
13. Conclusion
14. References

ABSTRACT
Amazon Web Services (AWS) is a comprehensive cloud computing platform
that offers a wide range of services to help organizations build, deploy, and manage
applications and infrastructure in the cloud. AWS provides scalable and flexible
solutions that cater to the needs of businesses of all sizes, from startups to enterprise-
level organizations. The core services offered by AWS include computing power with
Amazon EC2, storage with Amazon S3, and databases with Amazon RDS.
Additionally, AWS offers a multitude of services to support various aspects of cloud
computing, such as networking, security, machine learning, analytics, and IoT. These
services enable businesses to leverage the power of the cloud to innovate, reduce
costs, and scale their operations efficiently.

AWS provides a global infrastructure comprising multiple
regions and availability zones, ensuring high availability and fault tolerance for
applications and data. This global reach allows organizations to deploy their
applications closer to their end-users, providing low latency and improved
performance. With AWS, organizations can benefit from a pay-as-you-go pricing
model, allowing them to only pay for the resources they use. This flexibility makes it
cost-effective for businesses to experiment, develop, and deploy their applications
without upfront investments in hardware infrastructure. Moreover, AWS offers a
robust set of management tools that automate processes, simplify administration, and
enhance operational efficiency. These tools enable businesses to monitor, secure, and
optimize their AWS resources, ensuring reliable and secure operation of the
applications.

AWS is a comprehensive cloud computing platform that
empowers businesses to harness the benefits of the cloud. Its vast array of services,
global infrastructure, cost-effectiveness, and management tools make it a popular
choice for organizations seeking to accelerate innovation, improve scalability, and
enhance their overall IT infrastructure.

Learning Objectives/Internship Objectives

Internships are generally thought of to be reserved for college students
looking to gain experience in a particular field. However, a wide array of people can
benefit from Training Internships in order to receive real world experience and
develop their skills.

An objective for this position should emphasize the skills we already
possess in the area.

INTRODUCTION:

Edu Skills, short for Educational Skills, refers to the competencies and abilities that
are developed through education and learning. These skills encompass a wide range of
cognitive, social, emotional, and practical abilities that are essential for success in
academic settings, professional environments, and personal growth.
VISION:
Edu Skills envisions a world where every individual has access to high-quality
education and develops essential skills for success in the 21st century. Our vision is
centered around empowering individuals to thrive in an ever evolving and
interconnected global society.
MISSION:
The mission of EDUSKILLS is to empower individuals with the necessary skills and
knowledge to thrive in the ever-changing world of education and beyond. We are
committed to equipping learners of all ages with a comprehensive set of skills that go
beyond academic knowledge, enabling them to succeed in their personal, academic,
and professional pursuits. This mission is driven by the belief that education is not
limited to textbooks and traditional classroom learning. We recognize the need for a
holistic approach that incorporates cognitive, social, emotional, and practical skills to
prepare individuals for the challenges and opportunities they will encounter
throughout their lives.
BUSINESS PROFILE:
EDUSKILLS is an innovative and forward-thinking company that focuses on
providing comprehensive educational solutions and developing essential skills for
individuals of all ages. Our mission is to empower learners with the knowledge, skills,
and competencies necessary to thrive in today's rapidly evolving world.

Services:
1. Skills Development Programs:
We have a wide range of skills development programs designed to enhance cognitive,
communication, and critical thinking abilities. Our programs are tailored to meet the
specific needs of learners across different age groups, from students to professionals.
2. Curriculum Design and Consultation:
EDUSKILLS provides curriculum design and consultation services to educational
institutions, helping them align their programs with the latest educational trends and
industry requirements. We work closely with educators to develop engaging and
effective curricula that foster 21st-century skills.
3. Professional Development Workshops:
We conduct professional development workshops for educators, equipping them with
the tools and techniques to deliver high-quality education and facilitate skill
development in their classrooms. These workshops focus on innovative teaching
methods, technology integration, and fostering a conducive learning environment.
4. Educational Technology Solutions:
EDUSKILLS offers cutting-edge educational technology solutions that enhance the
learning experience and promote digital literacy. Our solutions include interactive
learning platforms, educational apps, and virtual reality experiences, ensuring
engaging and immersive learning environments.
5. Assessments and Evaluations:
We provide assessments and evaluations to gauge the proficiency and progress of
learners. Our assessments cover various domains, including cognitive skills, digital
literacy, and subject-specific knowledge. These evaluations assist in identifying areas
of improvement and tailoring educational interventions accordingly.
6. Career Development Services:
EDUSKILLS offers career development services, including
career counselling, resume building, and interview preparation. We assist individuals
in identifying their strengths, exploring career options, and developing the necessary
skills to succeed in their chosen fields.

WORK ASSIGNMENT:
WEEK 1
Self-Paced learning that covers AWS Fundamentals
1. AWS Basics – Fundamentals
2. AWS Basics – Elasticity and Management Tools
3. AWS Advanced – Identity and Access Management and Database Service
4. AWS Advanced – Other AWS PaaS Services

WEEK 2
AWS Basics – Fundamentals
1. What is Cloud? Introduction to Cloud Computing.
2. Different types of Cloud-Public /Private/Hybrid
3. Different Cloud as a Service (IaaS/PaaS/SaaS)
4. Introduction to AWS
5. Amazon Virtual Private Cloud (VPC) concepts, including subnets, Route Tables,
security and networking.
6. VPC Peering, Direct Connect Establishment
7. AWS VPN Setup
8. NAT Gateway and Endpoint Connection, TGW
9. Amazon EC2 Instances.
10. Security groups, Elastic IP, Key Pair.

WEEK 3
AWS Basics – Elasticity and Management Tools

1. Auto Scaling concepts
2. Elastic Load Balancing concepts
3. AWS Management Tools
4. AWS Storage – S3, Glacier.
5. CloudFormation.

WEEK 4
AWS Advanced – Identity and Access Management and Database Services.
1. AWS Identity and Access Management (IAM) concepts.
2. Multifactor Authentication, Certificate Manager, KMS.
3. Amazon Relational Database Service concepts
4. Amazon DynamoDB concepts.
5. Linux Basics and Shell Script basics
6. SNS, SQS, SES
7. Lambda and API Gateway
8. CloudTrail, Config and Trusted Advisor
9. CDK.

Amazon Web Services:

AWS, short for Amazon Web Services, is a comprehensive cloud computing
platform offered by Amazon. It provides a wide range of on-demand cloud
services, including computing power, storage, databases, networking, analytics,
machine learning, and more.

AWS offers a global infrastructure that spans multiple regions and availability
zones, ensuring high availability and scalability for applications and data. It
allows businesses to easily deploy and manage their applications, reducing the
need for upfront investments in hardware and infrastructure.
How AWS works
AWS is divided into various services, each of which can be customized according to
the requirements of the user. An AWS service's configuration settings and individual
server mappings should be visible to users.

Services

EC2

Amazon EC2 (Elastic Compute Cloud) is a fundamental service provided by AWS that offers
resizable compute capacity in the cloud. EC2 allows businesses to provision virtual servers, known
as instances, and scale them up or down based on demand. With EC2, users have full control over
their computing resources, including the choice of instance types, operating systems, and
applications to run. EC2 instances provide a wide range of options to cater to diverse computing
needs. Users can select instances optimized for general-purpose computing, memory-intensive
workloads, high-performance computing, or accelerated computing for machine learning and GPU-
intensive tasks. This flexibility allows businesses to tailor their computing environment to match
specific requirements, optimizing performance and cost efficiency.

Features of Amazon EC2


Amazon EC2 provides the following high-level features:

Instances – Virtual servers.

Amazon Machine Images (AMIs) – Preconfigured templates for your instances that package the
components you need for your server (including the operating system and additional software).

Instance types – Various configurations of CPU, memory, storage, networking capacity, and graphics
hardware for your instances.

Key pairs – Secure login information for your instances. AWS stores the public key and you store the
private key in a secure place.

Instance store volumes – Storage volumes for temporary data that is deleted when you stop,
hibernate, or terminate your instance.

Amazon EBS volumes – Persistent storage volumes for your data using Amazon Elastic Block Store
(Amazon EBS).

Regions, Availability Zones, Local Zones, AWS Outposts, and Wavelength Zones – Multiple
physical locations for your resources, such as instances and Amazon EBS volumes.

Security groups – A virtual firewall that allows you to specify the protocols, ports, and source IP
ranges that can reach your instances, and the destination IP ranges to which your instances can
connect.

Elastic IP addresses – Static IPv4 addresses for dynamic cloud computing.

Tags – Metadata that you can create and assign to your Amazon EC2 resources.

Virtual private clouds (VPCs) – Virtual networks you can create that are logically isolated from the
rest of the AWS Cloud. You can optionally connect these virtual networks to your own network.

S3 (storage)

Storage classes

Amazon S3 offers a range of storage classes designed for different use cases. For example, you can
store mission-critical production data in S3 Standard or S3 Express One Zone for frequent access,
save costs by storing infrequently accessed data in S3 Standard-IA or S3 One Zone-IA, and archive
data at the lowest costs in S3 Glacier Instant Retrieval, S3 Glacier Flexible Retrieval, and S3
Glacier Deep Archive.

Amazon S3 Express One Zone is a high-performance, single-zone Amazon S3 storage class that is
purpose-built to deliver consistent, single-digit millisecond data access for your most latency-
sensitive applications. S3 Express One Zone is the lowest latency cloud object storage class
available today, with data access speeds up to 10x faster and with request costs 50 percent lower
than S3 Standard. S3 Express One Zone is the first S3 storage class where you can select a single
Availability Zone with the option to co-locate your object storage with your compute resources,
which provides the highest possible access speed. Additionally, to further increase access speed and
support hundreds of thousands of requests per second, data is stored in a new bucket type: an
Amazon S3 directory bucket. For more information, see What is S3 Express One Zone? and
Directory buckets.

You can store data with changing or unknown access patterns in S3 Intelligent-Tiering, which
optimizes storage costs by automatically moving your data between four access tiers when your
access patterns change. These four access tiers include two low-latency access tiers optimized for
frequent and infrequent access, and two opt-in archive access tiers designed for asynchronous access
for rarely accessed data.

For more information, see Using Amazon S3 storage classes. For more information about S3 Glacier
Flexible Retrieval, see the Amazon S3 Glacier Developer Guide.

Storage management

Amazon S3 has storage management features that you can use to manage costs, meet regulatory
requirements, reduce latency, and save multiple distinct copies of your data for compliance
requirements.

S3 Lifecycle – Configure a lifecycle configuration to manage your objects and store them cost
effectively throughout their lifecycle. You can transition objects to other S3 storage classes or
expire objects that reach the end of their lifetimes.
S3 Object Lock – Prevent Amazon S3 objects from being deleted or overwritten for a fixed
amount of time or indefinitely. You can use Object Lock to help meet regulatory requirements
that require write-once-read-many (WORM) storage or to simply add another layer of protection
against object changes and deletions.
S3 Replication – Replicate objects and their respective metadata and object tags to one or more
destination buckets in the same or different AWS Regions for reduced latency, compliance,
security, and other use cases.
S3 Batch Operations – Manage billions of objects at scale with a single S3 API request or a few
clicks in the Amazon S3 console. You can use Batch Operations to perform operations such as
Copy, Invoke AWS Lambda function, and Restore on millions or billions of objects.

Access management and security


Amazon S3 provides features for auditing and managing access to your buckets and objects. By
default, S3 buckets and the objects in them are private. You have access only to the S3 resources that
you create. To grant granular resource permissions that support your specific use case or to audit the
permissions of your Amazon S3 resources, you can use the following features.

S3 Block Public Access – Block public access to S3 buckets and objects. By default, Block
Public Access settings are turned on at the bucket level. We recommend that you keep all Block
Public Access settings enabled unless you know that you need to turn off one or more of them
for your specific use case. For more information, see Configuring block public access settings
for your S3 buckets.
AWS Identity and Access Management (IAM) – IAM is a web service that helps you securely
control access to AWS resources, including your Amazon S3 resources. With IAM, you can
centrally manage permissions that control which AWS resources users can access. You use IAM
to control who is authenticated (signed in) and authorized (has permissions) to use
resources.
Bucket policies – Use IAM-based policy language to configure resource-based
permissions for your S3 buckets and the objects in them.
Amazon S3 access points – Configure named network endpoints with dedicated access
policies to manage data access at scale for shared datasets in Amazon S3.
Access control lists (ACLs) – Grant read and write permissions for individual buckets and objects
to authorized users. As a general rule, we recommend using S3 resource-based policies (bucket
policies and access point policies) or IAM user policies for access control instead of ACLs.
Policies are a simplified and more flexible access control option. With bucket policies and access
point policies, you can define rules that apply broadly across all requests to your Amazon S3
resources. For more information about the specific cases when you'd use ACLs instead of
resource-based policies or IAM user policies, see Access policy guidelines.
S3 Object Ownership – Take ownership of every object in your bucket, simplifying access
management for data stored in Amazon S3. S3 Object Ownership is an Amazon S3 bucket-level
setting that you can use to disable or enable ACLs. By default, ACLs are disabled. With ACLs
disabled, the bucket owner owns all the objects in the bucket and manages access to data
exclusively by using access-management policies.
IAM Access Analyzer for S3 – Evaluate and monitor your S3 bucket access policies, ensuring
that the policies provide only the intended access to your S3 resources.

Data processing
To transform data and trigger workflows to automate a variety of other processing activities at scale,
you can use the following features.

S3 Object Lambda – Add your own code to S3 GET, HEAD, and LIST requests to modify and
process data as it is returned to an application. Filter rows, dynamically resize images, redact
confidential data, and much more.
Event notifications – Trigger workflows that use Amazon Simple Notification Service (Amazon
SNS), Amazon Simple Queue Service (Amazon SQS), and AWS Lambda when a change is
made to your S3 resources.

Storage logging and monitoring

Amazon S3 provides logging and monitoring tools that you can use to monitor and control how your
Amazon S3 resources are being used. For more information, see Monitoring tools.

Automated monitoring tools

Amazon CloudWatch metrics for Amazon S3 – Track the operational health of your S3
resources and configure billing alerts when estimated charges reach a user-defined threshold.
AWS CloudTrail – Record actions taken by a user, a role, or an AWS service in Amazon S3.
CloudTrail logs provide you with detailed API tracking for S3 bucket-level and object-level
operations.

Manual monitoring tools

Server access logging – Get detailed records for the requests that are made to a bucket. You can
use server access logs for many use cases, such as conducting security and access audits,
learning about your customer base, and understanding your Amazon S3 bill.
AWS Trusted Advisor – Evaluate your account by using AWS best practice checks to identify
ways to optimize your AWS infrastructure, improve security and performance, reduce costs, and
monitor service quotas. You can then follow the recommendations to optimize your services and
resources.

Analytics and insights

Amazon S3 offers features to help you gain visibility into your storage usage, which empowers you
to better understand, analyze, and optimize your storage at scale.

Amazon S3 Storage Lens – Understand, analyze, and optimize your storage. S3 Storage Lens
provides 60+ usage and activity metrics and interactive dashboards to aggregate data for your
entire organization, specific accounts, AWS Regions, buckets, or prefixes.
Storage Class Analysis – Analyze storage access patterns to decide when it's time to move
data to a more cost-effective storage class.
S3 Inventory with Inventory reports – Audit and report on objects and their corresponding
metadata and configure other Amazon S3 features to take action in Inventory reports. For example,
you can report on the replication and encryption status of your objects. For a list of all the
metadata available for each object in Inventory reports, see Amazon S3 Inventory list.

Strong consistency

Amazon S3 provides strong read-after-write consistency for PUT and DELETE requests of objects
in your Amazon S3 bucket in all AWS Regions. This behavior applies to both writes of new objects
as well as PUT requests that overwrite existing objects and DELETE requests. In addition, read
operations on Amazon S3 Select, Amazon S3 access control lists (ACLs), Amazon S3 Object Tags,
and object metadata (for example, the HEAD object) are strongly consistent. For more information,
see Amazon S3 data consistency model.

How Amazon S3 works

Amazon S3 is an object storage service that stores data as objects within buckets. An object is a file
and any metadata that describes the file. A bucket is a container for objects.

To store your data in Amazon S3, you first create a bucket and specify a bucket name and AWS
Region. Then, you upload your data to that bucket as objects in Amazon S3. Each object has a key
(or key name), which is the unique identifier for the object within the bucket.

S3 provides features that you can configure to support your specific use case. For example, you can
use S3 Versioning to keep multiple versions of an object in the same bucket, which allows you to
restore objects that are accidentally deleted or overwritten.

Buckets and the objects in them are private and can be accessed only if you explicitly grant access
permissions. You can use bucket policies, AWS Identity and Access Management (IAM) policies,
access control lists (ACLs), and S3 Access Points to manage access.

Amazon SNS

Amazon Simple Notification Service (Amazon SNS) is a managed service that provides message delivery
from publishers to subscribers (also known as producers and consumers). Publishers communicate
asynchronously with subscribers by sending messages to a topic, which is a logical access point and
communication channel. Clients can subscribe to the SNS topic and receive published messages using a
supported endpoint type, such as Amazon Kinesis Data Firehose, Amazon SQS, AWS Lambda, HTTP, email,
mobile push notifications, and mobile text messages (SMS).

Features and capabilities


Amazon SNS provides the following features and capabilities:

Application-to-application messaging
Application-to-application messaging supports subscribers such as Amazon Kinesis Data
Firehose delivery streams, Lambda functions, Amazon SQS queues, HTTP/S endpoints, and AWS
Event Fork Pipelines. For more information, see Using Amazon SNS for application-to-application
(A2A) messaging.
Application-to-person notifications
Application-to-person notifications provide user notifications to subscribers such as mobile applications,
mobile phone numbers, and email addresses. For more information, see Using Amazon SNS for
application-to-person (A2P) messaging.
Standard and FIFO topics
Use a FIFO topic to ensure strict message ordering, to define message groups, and to prevent
message duplication. You can use both FIFO and standard queues to subscribe to a FIFO topic.
For more information, see Message ordering and deduplication (FIFO topics).
Use a standard topic when message delivery order and possible message duplication are
not critical. All of the supported delivery protocols can subscribe to a standard topic.
Message durability
Amazon SNS uses a number of strategies that work together to provide message
durability:
• Published messages are stored across multiple, geographically separated
servers and data centers.
• If a subscribed endpoint isn't available, Amazon SNS runs a delivery retry policy.
• To preserve any messages that aren't delivered before the delivery retry policy ends, you
can create a dead-letter queue.
Message archiving, replay, and analytics
You can archive messages with Amazon SNS in multiple ways including subscribing Kinesis
Data Firehose delivery streams to SNS topics, which allows you to send notifications to
analytics endpoints such as Amazon Simple Storage Service (Amazon S3) buckets, Amazon
Redshift tables, and more. Additionally, Amazon SNS FIFO topics support message archiving
and replay as a no-code, in-place message archive that lets topic owners store (or archive)
messages within their topic. Topic subscribers can then retrieve (or replay) the archived
messages back to a subscribed endpoint. For more, see Message archiving and replay for FIFO
topics.
Message attributes
Message attributes let you provide any arbitrary metadata about the message. For more
information, see Amazon SNS message attributes.
Message filtering
By default, each subscriber receives every message published to the topic. To receive a subset
of the messages, a subscriber must assign a filter policy to the topic subscription. A subscriber can
also define the filter policy scope to enable payload-based or attribute-based filtering. The default
value for the filter policy scope is MessageAttributes. When the incoming message attributes
match the filter policy attributes, the message is delivered to the subscribed endpoint. Otherwise,
the message is filtered out. When the filter policy scope is MessageBody, filter policy attributes
are matched against the payload. For more information, see Amazon SNS message filtering.
Message security
Server-side encryption protects the contents of messages that are stored in Amazon SNS
topics, using encryption keys provided by AWS KMS. For more information, see Encryption
at rest. You can also establish a private connection between Amazon SNS and your virtual
private cloud (VPC). For more information, see Internetwork traffic privacy.
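
The attribute-based filtering described under "Message filtering" above decides which published messages a subscriber ever sees, which matters when the topic carries security alerts. The following is an added example, not code from this report or from AWS: it is a simplified matcher for the `MessageAttributes` scope that models attributes as a plain name-to-value dictionary, supports only exact-string, `prefix`, `anything-but`, `numeric` and `exists` conditions, and assumes `anything-but` requires the attribute to be present; the alert messages are constructed.

```python
import operator

NUMERIC_OPS = {"=": operator.eq, "<": operator.lt, "<=": operator.le,
               ">": operator.gt, ">=": operator.ge}


def value_matches(cond, value):
    """Match one present attribute value against one entry of a policy list."""
    if isinstance(cond, str):
        return value == cond                          # exact string match
    if not isinstance(cond, dict):
        return False
    if "prefix" in cond:
        return isinstance(value, str) and value.startswith(cond["prefix"])
    if "anything-but" in cond:
        blocked = cond["anything-but"]
        blocked = blocked if isinstance(blocked, list) else [blocked]
        return value not in blocked
    if "numeric" in cond:
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            return False
        spec = cond["numeric"]                        # e.g. [">", 0, "<=", 150]
        return all(NUMERIC_OPS[op](value, bound)
                   for op, bound in zip(spec[0::2], spec[1::2]))
    if "exists" in cond:
        return cond["exists"] is True                 # the value is present here
    return False


def matches(filter_policy, attributes):
    """True if the message attributes satisfy every key of the filter policy."""
    for name, conditions in filter_policy.items():
        if name not in attributes:
            # An absent attribute satisfies only {"exists": false}.
            if not any(isinstance(c, dict) and c.get("exists") is False
                       for c in conditions):
                return False
            continue
        if not any(value_matches(c, attributes[name]) for c in conditions):
            return False
    return True


def deliver(filter_policy, messages):
    """Return the ids of the messages the subscription would receive."""
    return [m["id"] for m in messages if matches(filter_policy, m["attributes"])]


# Constructed subscription policy for an on-call endpoint.
ONCALL_POLICY = {
    "severity": ["HIGH", "CRITICAL"],
    "source": [{"prefix": "guardduty"}],
    "score": [{"numeric": [">=", 7]}],
}

# Constructed alert messages.
SAMPLE_MESSAGES = [
    {"id": "m1", "attributes": {"severity": "HIGH",
                                "source": "guardduty.example", "score": 8}},
    {"id": "m2", "attributes": {"severity": "LOW",
                                "source": "guardduty.example", "score": 2}},
    # No severity attribute: silently filtered out, a common alerting gap.
    {"id": "m3", "attributes": {"source": "guardduty.example", "score": 9}},
    {"id": "m4", "attributes": {"severity": "CRITICAL",
                                "source": "custom-scanner", "score": 9}},
]

if __name__ == "__main__":
    print(deliver(ONCALL_POLICY, SAMPLE_MESSAGES))
    print(deliver({}, SAMPLE_MESSAGES))   # no filter policy: everything is delivered
```

Message `m3` shows why publishers of alerts should always set the attributes that subscribers filter on: a high-scoring finding without a `severity` attribute never reaches the on-call endpoint.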

AWS Lambda

How AWS Lambda Works?

✔ Run code without provisioning or managing servers, creating workload-aware cluster scaling
logic, maintaining event integrations, or managing runtimes.

✔ Run code for virtually any type of application or backend service. Just upload your code as a
ZIP file or container image, and Lambda automatically allocates compute execution power and
runs your code based on the incoming request or event, for any scale of traffic.

✔ Write Lambda functions in your favorite language (Node.js, Python, Go, Java, and more) and
use both serverless and container tools, such as AWS SAM or Docker CLI, to build, test, and
deploy your functions.

Use Cases
Web Applications

By combining AWS Lambda with other AWS services, developers can build powerful web applications that
automatically scale up and down and run in a highly available configuration across multiple data centers –
with zero administrative effort required for scalability, back-ups, or multi-data center redundancy.

Machine Learning

You can use AWS Lambda to preprocess data before feeding it to your machine learning model.
With Lambda access to EFS, you can also serve your model for prediction at scale without having
to provision or manage any infrastructure.

Data Processing

Execute code in response to triggers such as changes in data, shifts in system state, or actions by
users. Lambda can be triggered by AWS services such as S3, DynamoDB, Kinesis, or SNS, and can
connect to existing EFS file systems or into workflows with AWS Step Functions. This allows you
to build a variety of real-time serverless data processing systems.

AWS IAM

What is IAM?

AWS Identity and Access Management (IAM) is a web service that helps you securely control
access to AWS resources. With IAM, you can centrally manage permissions that control which AWS
resources users can access. You use IAM to control who is authenticated (signed in) and authorized
(has permissions) to use resources.

When you create an AWS account, you begin with one sign-in identity that has complete access to
all AWS services and resources in the account. This identity is called the AWS account root user and
is accessed by signing in with the email address and password that you used to create the account.
We strongly recommend that you don't use the root user for your everyday tasks. Safeguard your
root user credentials and use them to perform the tasks that only the root user can perform. For the
complete list of tasks that require you to sign in as the root user, see Tasks that require root user
credentials.

How IAM works

IAM provides the infrastructure necessary to control authentication and authorization for your AWS
account. The IAM infrastructure is illustrated by the following diagram:

First, a human user or an application uses their sign-in credentials to authenticate with AWS.
Authentication is provided by matching the sign-in credentials to a principal (an IAM user, federated
user, IAM role, or application) trusted by the AWS account.

Next, a request is made to grant the principal access to resources. Access is granted in response to an
authorization request. For example, when you first sign in to the console and are on the console
Home page, you are not accessing a specific service. When you select a service, the request for
authorization is sent to that service and it looks to see if your identity is on the list of authorized
users, what policies are being enforced to control the level of access granted, and any other policies
that might be in effect. Authorization requests can be made by principals within your AWS account
or from another AWS account that you trust.

Once authorized, the principal can take action or perform operations on resources in your AWS
account. For example, the principal could launch a new Amazon Elastic Compute Cloud instance,
modify IAM group membership, or delete Amazon Simple Storage Service buckets.

IAM features

IAM gives you the following features:

Shared access to your AWS account – You can grant other people permission to administer and use
resources in your AWS account without having to share your password or access key.

Granular permissions – You can grant different permissions to different people for different
resources.
For example, you might allow some users complete access to Amazon Elastic Compute Cloud
(Amazon EC2), Amazon Simple Storage Service (Amazon S3), Amazon DynamoDB, Amazon
Redshift, and other AWS services. For other users, you can allow read-only access to just some S3
buckets, or permission to administer just some EC2 instances, or to access your billing information
but nothing else.

Secure access to AWS resources for applications that run on Amazon EC2 – You can
use IAM features to securely provide credentials for applications that run on EC2
instances. These credentials provide permissions for your application to access other
AWS resources. Examples include S3 buckets and DynamoDB tables.

Multi-factor authentication (MFA) – You can add two-factor authentication to your
account and to individual users for extra security. With MFA you or your users must
provide not only a password or access key to work with your account, but also a code
from a specially configured device. If you already use a FIDO security key with other
services, and it has an AWS supported configuration, you can use WebAuthn for MFA
security. For more information, see Supported configurations for using FIDO security
keys.

Identity federation – You can allow users who already have passwords elsewhere—for
example, in your corporate network or with an internet identity provider—to get
temporary access to your AWS account.

Identity information for assurance – If you use AWS CloudTrail, you receive log
records that include information about those who made requests for resources in your
account. That information is based on IAM identities.

PCI DSS Compliance – IAM supports the processing, storage, and transmission of
credit card data by a merchant or service provider and has been validated as being
compliant with Payment Card Industry (PCI) Data Security Standard (DSS). For more
information about PCI DSS, including how to request a copy of the AWS PCI
Compliance Package, see PCI DSS Level 1.

Integrated with many AWS services – For a list of AWS services that work with IAM,
see AWS services that work with IAM.
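
The authorization step in "How IAM works" and the read-only S3 case under "Granular permissions" come down to how policy statements are combined: a request is denied unless a statement allows it, and an explicit deny always wins. The following is an added example, not code from this report or from AWS: it is a simplified evaluator for identity-based policies only, ignoring `Condition`, `NotAction`, resource-based policies, permissions boundaries and service control policies; the bucket name and policy are constructed, and `fnmatchcase` stands in for IAM's `*` and `?` wildcards.

```python
from fnmatch import fnmatchcase


def as_list(value):
    """Policy elements may be a single value or a list of values."""
    return value if isinstance(value, list) else [value]


def statement_applies(stmt, action, resource):
    """True if the statement's Action and Resource patterns cover the request."""
    # Action names are compared case-insensitively, resource ARNs exactly.
    action_hit = any(fnmatchcase(action.lower(), pattern.lower())
                     for pattern in as_list(stmt.get("Action", [])))
    resource_hit = any(fnmatchcase(resource, pattern)
                       for pattern in as_list(stmt.get("Resource", [])))
    return action_hit and resource_hit


def evaluate(policies, action, resource):
    """Return "ExplicitDeny", "Allow" or "ImplicitDeny" for one request."""
    decision = "ImplicitDeny"                 # nothing is allowed by default
    for policy in policies:
        for stmt in as_list(policy.get("Statement", [])):
            if not statement_applies(stmt, action, resource):
                continue
            if stmt.get("Effect") == "Deny":
                return "ExplicitDeny"         # a matching Deny overrides any Allow
            if stmt.get("Effect") == "Allow":
                decision = "Allow"
    return decision


# Constructed policy: read-only access to one bucket, except a restricted prefix.
READ_ONLY_REPORTS = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadReports", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-reports",
                      "arn:aws:s3:::example-reports/*"]},
        {"Sid": "NoRestricted", "Effect": "Deny",
         "Action": "s3:*",
         "Resource": "arn:aws:s3:::example-reports/restricted/*"},
    ],
}

# Constructed requests: (action, resource).
SAMPLE_REQUESTS = [
    ("s3:GetObject", "arn:aws:s3:::example-reports/q1.csv"),
    ("s3:PutObject", "arn:aws:s3:::example-reports/q1.csv"),
    ("s3:GetObject", "arn:aws:s3:::example-reports/restricted/pay.csv"),
    ("s3:GetObject", "arn:aws:s3:::other-bucket/q1.csv"),
    ("ec2:RunInstances", "arn:aws:ec2:us-east-1:111122223333:instance/*"),
]


def decisions(policies, requests):
    """Evaluate each request and return the decisions in order."""
    return [evaluate(policies, action, resource) for action, resource in requests]


if __name__ == "__main__":
    for (action, resource), result in zip(
            SAMPLE_REQUESTS, decisions([READ_ONLY_REPORTS], SAMPLE_REQUESTS)):
        print(f"{result:12} {action} {resource}")
```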

SCREENSHOTS:

INTERNSHIP OUTCOMES:
• The internship provides possible opportunities to learn, understand and sharpen the
real time technical managerial skills required at the job.
• It helps to know the current technological developments relevant to Cloud
Computing.
• Promote academic, professional and/or personal development.
• Helps to understand the social, economic and administrative considerations that
influence the working environment of industrial organizations.
• It gives an opportunity to learn strategies like time management, multitasking, etc. in
an industrial setup.
• It helps to see how the theoretical aspects learned in classes are integrated into the
practical world, as on-floor experience provides much more professional experience
which is often worth more than classroom teaching.

CONCLUSION:
My virtual internship experience in cloud computing has been both enriching
and transformative. Over the course of the internship, I have gained valuable insights
into the practical applications of cloud technologies, honed my technical skills, and
developed a deeper understanding of the industry's best practices.

This internship was a fantastic and fulfilling experience. It goes without saying that
the technical components of the work I've done might be enhanced given enough
time. As a complete notice, I feel that the time I invested in learning and researching
was well worth it and helped to identify a workable solution for creating a fully
functional web service.
