Difference between revisions of "Amazon Free AWS training in Stratford"
From MyWiki
Line 62: | Line 62: | ||
Determine what users need to do and then craft policies for them that let the users perform only those tasks. | Determine what users need to do and then craft policies for them that let the users perform only those tasks. | ||
</source> | </source> | ||
− | <source lang="text> | + | Create IAMS User |
+ | <source lang="text"> | ||
Create an AWS IAM user, attach a policy to the user, and generate access keys. | Create an AWS IAM user, attach a policy to the user, and generate access keys. | ||
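Review bot: The added line "Create IAMS User" misspells the service name; it should read "Create IAM User". It also sits as bare text between `</source>` and `<source lang="text">`, so consider marking it up as a section heading in the wiki's heading syntax so the user-creation steps are separated from the policy steps in the rendered page. The closing quote restored on `<source lang="text">` looks right.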
Revision as of 19:23, 22 August 2019
EDX Course
Week 2 - Exercise 4
Create an AWS IAM policy
In the AWS Management Console, click Services, then click IAM to open the IAM dashboard.
In the left navigation menu, click Policies.
Click Create policy.
Click the JSON tab.
In the editor textbox, completely replace the sample policy with the following.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Sid1",
            "Effect": "Allow",
            "Action": [
                "iam:*",
                "rds:*",
                "sns:*",
                "cloudformation:*",
                "rekognition:*",
                "ec2:*",
                "cognito-idp:*",
                "sqs:*",
                "xray:*",
                "s3:*",
                "elasticloadbalancing:*",
                "cloud9:*",
                "lambda:*",
                "tag:GetResources",
                "logs:*",
                "kms:ListKeyPolicies",
                "kms:GenerateRandom",
                "kms:ListRetirableGrants",
                "kms:GetKeyPolicy",
                "kms:ListResourceTags",
                "kms:ReEncryptFrom",
                "kms:ListGrants",
                "kms:GetParametersForImport",
                "kms:ListKeys",
                "kms:GetKeyRotationStatus",
                "kms:ListAliases",
                "kms:ReEncryptTo",
                "kms:DescribeKey"
            ],
            "Resource": "*"
        }
    ]
}
Click Review Policy.
For Name, type edXProjectPolicy.
Click Create policy.

You have successfully created an AWS IAM policy with full access to AWS IAM, Amazon EC2, Amazon S3, Amazon RDS, Amazon SNS, Amazon SQS, Amazon Rekognition, AWS Lambda, Amazon Cognito, AWS Cloud9, AWS X-Ray, and AWS CloudFormation.

When you create IAM policies, follow the standard security advice of granting least privilege - that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks.
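The least-privilege advice above can be checked mechanically. The following Python code is an added example, not part of the edX exercise or any AWS tool: it scans a policy document for Allow statements that grant a whole service on every resource, using an abbreviated, constructed copy of the exercise policy as input. The names `audit_policy`, `as_list` and `EDX_POLICY` are hypothetical.

```python
import json

# Constructed sample: the exercise policy from this page, with the list of
# kms: actions cut to two entries to keep the example short.
EDX_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Sid": "Sid1", "Effect": "Allow",
   "Action": ["iam:*", "rds:*", "sns:*", "cloudformation:*", "rekognition:*",
              "ec2:*", "cognito-idp:*", "sqs:*", "xray:*", "s3:*",
              "elasticloadbalancing:*", "cloud9:*", "lambda:*",
              "tag:GetResources", "logs:*", "kms:ListKeys", "kms:DescribeKey"],
   "Resource": "*"}]}
""")

def as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def audit_policy(policy):
    """Return (sid, action, note) findings for overly broad Allow statements."""
    findings = []
    statements = policy["Statement"]
    if isinstance(statements, dict):   # a lone statement may be a bare object
        statements = [statements]
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{index}]")
        if "NotAction" in stmt:
            findings.append((sid, "NotAction", "allows everything not listed"))
        any_resource = "*" in as_list(stmt.get("Resource", []))
        for action in as_list(stmt.get("Action", [])):
            service, _, name = action.partition(":")
            if action == "*":
                findings.append((sid, action, "every action in every service"))
            elif name == "*" and any_resource:
                note = "full service access on all resources"
                if service.lower() == "iam":
                    note += "; principal can edit its own permissions"
                findings.append((sid, action, note))
    return findings

if __name__ == "__main__":
    for sid, action, note in audit_policy(EDX_POLICY):
        print(f"{sid}: {action:24} {note}")
```

Actions scoped to a named operation, such as `tag:GetResources` or the `kms:` entries, pass the check; only service-wide wildcards paired with `"Resource": "*"` are reported.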
Create IAM User
Create an AWS IAM user, attach a policy to the user, and generate access keys.

In this section, you will create an AWS IAM user and attach the policy you just created to the user. You will then generate the access keys for the user. Those access keys will be used to make programmatic calls to AWS services via AWS CLI or APIs. If you are familiar with AWS IAM users, you may want to attempt to complete this section before reading the step-by-step instructions.

AWS IAM user name: edXProjectUser
Access type: Programmatic access and AWS Management Console access
Policy: edXProjectPolicy

Important: Download the .csv file with the access keys after creating the user. Also, make sure to click the Send email link to get the email instructions for signing in to the AWS Management Console as edXProjectUser.

Reminder! Be sure to protect your AWS account access keys like you would your credit card numbers or any other sensitive secret. At the end of this exercise, you will not be using the access keys again. It is a security best practice to remove IAM user credentials that are not needed. After this exercise, make sure to remove the access keys only (not the AWS Console password) for the IAM user - edXProjectUser.

See more IAM Best Practices.