Objectives
Lab Details
  1. Create 3 IAM Users: user-1, user-2, user-3.
  2. Create 3 IAM Groups: S3-ADMIN, S3-SUPPORT, EC2-SUPPORT.
  3. Attach the following policies to the groups created in the previous step:
    • S3-ADMIN - AmazonS3FullAccess
    • S3-SUPPORT - AmazonS3ReadOnlyAccess
    • EC2-SUPPORT - AmazonEC2ReadOnlyAccess
  4. Assign the following user/group roles:
    • user-1 should belong to the S3-ADMIN group
    • user-2 should belong to the S3-SUPPORT group
    • user-3 should belong to the EC2-SUPPORT group

    Take a screenshot of the groups showing the users belonging to each group.

  5. Sign in and verify the accounts have the correct permissions. NOTE: you will need to use a private browser window, or the user credentials will get cached in the browser.
    • Use the account "user-1" to create a new S3 bucket. Upload a .txt file into the bucket.

      Take a screenshot showing the new bucket containing the .txt file.

    • Use the account "user-2" to try to create another new S3 bucket. Since this user is part of the S3-SUPPORT group, they can list the buckets and view their contents, but they cannot create a new bucket.

      Take a screenshot of the error message.

    • Use the account "user-3" to try to create a new EC2 instance. Make sure that you are using a "free-tier eligible" EC2 instance in case something in your groups/users is set up incorrectly. If your users/groups are set up properly, you should not be able to create a new EC2 instance.

      Take a screenshot of the error message.
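
The outcomes expected in step 5 follow from how IAM evaluates identity-based policies: a request succeeds only if some attached policy allows the action, and anything else is an implicit deny. The following is an added example, not part of the original lab, that models the lab's user/group/policy mapping and predicts each result. The action lists are abbreviated assumptions about the three managed policies, and the names `is_allowed`, `run_checks` and `LAB_CHECKS` are hypothetical.

```python
from fnmatch import fnmatchcase

# Abbreviated Allow lists for the three AWS managed policies used in the lab.
# Constructed for this example; the policy documents shown in the IAM console
# are authoritative and contain more actions.
MANAGED_POLICIES = {
    "AmazonS3FullAccess": ["s3:*"],
    "AmazonS3ReadOnlyAccess": ["s3:Get*", "s3:List*"],
    "AmazonEC2ReadOnlyAccess": ["ec2:Describe*"],
}

# Steps 3 and 4 of the lab: group -> policies, user -> groups.
GROUP_POLICIES = {
    "S3-ADMIN": ["AmazonS3FullAccess"],
    "S3-SUPPORT": ["AmazonS3ReadOnlyAccess"],
    "EC2-SUPPORT": ["AmazonEC2ReadOnlyAccess"],
}
USER_GROUPS = {
    "user-1": ["S3-ADMIN"],
    "user-2": ["S3-SUPPORT"],
    "user-3": ["EC2-SUPPORT"],
}

def is_allowed(user, action):
    """True if a policy inherited via the user's groups allows the action.
    Explicit Deny, resource scoping and conditions are not modelled."""
    for group in USER_GROUPS.get(user, []):
        for policy in GROUP_POLICIES.get(group, []):
            for pattern in MANAGED_POLICIES[policy]:
                # IAM action names are case-insensitive and support * wildcards.
                if fnmatchcase(action.lower(), pattern.lower()):
                    return True
    return False  # no matching Allow: implicit deny

# Step 5 checks expressed as (user, API action) pairs.
LAB_CHECKS = [
    ("user-1", "s3:CreateBucket"), ("user-1", "s3:PutObject"),
    ("user-2", "s3:ListAllMyBuckets"), ("user-2", "s3:GetObject"),
    ("user-2", "s3:CreateBucket"),
    ("user-3", "ec2:DescribeInstances"), ("user-3", "ec2:RunInstances"),
]

def run_checks():
    return {(u, a): is_allowed(u, a) for u, a in LAB_CHECKS}

if __name__ == "__main__":
    for (user, action), ok in run_checks().items():
        print(f"{user:7} {action:22} {'Allow' if ok else 'Deny (implicit)'}")
```

If a sign-in test in step 5 disagrees with this table, the usual cause is a user placed in the wrong group or a policy attached to the wrong group.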

What did I learn?