Managing AWS IAM User Permissions Using Groups and Policies

30 minutes

About this Hands-on Lab

In this hands-on lab scenario, you are a security engineer working for a new startup that’s launching an online bookstore for rare and antique books. The founder, Kia, needs your help with setting up her development team with the proper access permissions. In order to provide access and ensure the proper security measures are in place, you will use AWS Identity & Access Management (IAM). You will group users and assign permissions for the developer group using policies.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create a Customer-Managed Policy
  1. Navigate to IAM.
    1. In IAM Resources, click Users to view existing users.
    2. From the left dashboard menu, click Policies to create a new policy with developer access.
    3. Click Create policy.
    4. Click the Visual editor tab.
    5. For Service click Choose a service.
    6. In the search field, search for "dynamoDB", then click on DynamoDB.
    7. For Actions select All DynamoDB actions (dynamodb:*), found under Manual actions.
    8. For Resources select All resources.
    9. Click Add additional permissions.
    10. For Service click Choose a service.
    11. In the search field, search for "lambda", then click on Lambda.
    12. For Actions select All Lambda actions (lambda:*), found under Manual actions.
    13. For Resources select All resources.
    14. Click Add additional permissions.
    15. For Service click Choose a service.
    16. In the search field, search for "s3", then click on S3.
    17. For Actions select All S3 actions (s3:*), found under Manual actions.
    18. For Resources select All resources.
    19. Click Add additional permissions.
    20. For Service click Choose a service.
    21. In the search field, search for "api", then click on API Gateway.
    22. For Actions select All API Gateway actions (apigateway:*), found under Manual actions.
    23. For Resources select All resources.
    24. Click Add additional permissions.
    25. Click Next: Tags.
    26. Click Next: Review.
    27. Name the policy, "onlinebookstore-dev-developergroup-fullaccess-iam-policy".
    28. Click Create policy. (NOTE: If the policy is created successfully, a green banner appears at the top of the screen.)
Create a Group Controlled via a Customer-Managed Policy and Assign Users to a Group
  1. From the left dashboard menu, select User groups.
  2. Click Create group.
  3. Enter the User group name "Developers".
  4. In the Add users to the group – Optional section, select the following user names:
    • developer-1
    • developer-2
    • developer-3
  5. In the Attach permissions policies – Optional section, select the policy we just created, "onlinebookstore-dev-developergroup-fullaccess-iam-policy".
  6. Click Create group.
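The two procedures above (the 28 console clicks that build the customer-managed policy, and the group that carries it) map onto four IAM API calls. The following is an added example, not part of the lab: it builds the equivalent policy document in code, runs a least-privilege check over it, and applies the policy, group, membership and attachment with boto3. The statement IDs, the DryRunIam stand-in client and the account ID 123456789012 are this example's own choices; apply_setup() against a real boto3 client assumes credentials for the lab account and that developer-1 to developer-3 already exist, as they do in the lab. Note what the check reports: every statement in this "fullaccess" policy allows every action of a service on every resource, which is what the lab asks for, but in a production account you would scope Resource to the bookstore's own tables, functions, buckets and APIs.

```python
"""Reproduce the lab's console steps with boto3: a customer-managed policy
granting all DynamoDB, Lambda, S3 and API Gateway actions on all resources,
attached to a Developers group containing developer-1..3.

Added example, not part of the lab. apply_setup() needs boto3 and AWS
credentials for the lab account; everything else runs offline."""
import json

POLICY_NAME = "onlinebookstore-dev-developergroup-fullaccess-iam-policy"
GROUP_NAME = "Developers"
DEVELOPERS = ["developer-1", "developer-2", "developer-3"]
# Service prefixes picked in the visual editor, in the lab's order.
SERVICE_PREFIXES = ["dynamodb", "lambda", "s3", "apigateway"]


def build_policy_document(prefixes=SERVICE_PREFIXES):
    """JSON equivalent of 'All <service> actions' + 'All resources' for each
    service: one Allow statement per service, action '<prefix>:*', resource '*'.
    The Sid values are this example's choice; the lab does not specify them."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": f"{prefix.capitalize()}FullAccess",
                "Effect": "Allow",
                "Action": f"{prefix}:*",
                "Resource": "*",
            }
            for prefix in prefixes
        ],
    }


def wildcard_statements(document):
    """Least-privilege check: return the Sids of Allow statements that grant
    every action of a service ('<prefix>:*' or '*') on every resource ('*').
    The lab's policy trips this for all four services by design."""
    flagged = []
    for stmt in document["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = actions if isinstance(actions, list) else [actions]
        resources = stmt.get("Resource", [])
        resources = resources if isinstance(resources, list) else [resources]
        if any(a == "*" or a.endswith(":*") for a in actions) and "*" in resources:
            flagged.append(stmt.get("Sid", "<no Sid>"))
    return flagged


class DryRunIam:
    """Stand-in for a boto3 IAM client: records each call instead of making it,
    so the sequence can be reviewed before anything touches the account."""

    def __init__(self, account_id="123456789012"):  # constructed account ID
        self.account_id = account_id
        self.calls = []

    def create_policy(self, **kw):
        self.calls.append(("create_policy", kw))
        return {"Policy": {"Arn": f"arn:aws:iam::{self.account_id}:policy/{kw['PolicyName']}"}}

    def create_group(self, **kw):
        self.calls.append(("create_group", kw))
        return {}

    def add_user_to_group(self, **kw):
        self.calls.append(("add_user_to_group", kw))
        return {}

    def attach_group_policy(self, **kw):
        self.calls.append(("attach_group_policy", kw))
        return {}


def apply_setup(iam, document=None):
    """Both lab objectives as API calls, in dependency order: the policy first
    (the attachment needs its ARN), then the group, its members, the attachment.
    `iam` is a boto3 IAM client or a DryRunIam. Returns the policy ARN."""
    document = document or build_policy_document()
    created = iam.create_policy(PolicyName=POLICY_NAME,
                                PolicyDocument=json.dumps(document))
    policy_arn = created["Policy"]["Arn"]
    iam.create_group(GroupName=GROUP_NAME)
    for user in DEVELOPERS:  # users must already exist, as they do in the lab
        iam.add_user_to_group(GroupName=GROUP_NAME, UserName=user)
    iam.attach_group_policy(GroupName=GROUP_NAME, PolicyArn=policy_arn)
    return policy_arn


if __name__ == "__main__":
    import sys
    if "--apply" in sys.argv:
        import boto3  # IAM is a global service, so no region is needed here
        iam = boto3.client("iam")
    else:
        iam = DryRunIam()
    print("policy ARN:", apply_setup(iam))
    print("wildcard statements:", wildcard_statements(build_policy_document()))
    if isinstance(iam, DryRunIam):
        for name, kw in iam.calls:
            print(name, json.dumps(kw)[:120])
```

Run it without arguments to see the six recorded calls and the four flagged statements; run it with --apply to perform the same calls in the lab account. Because the group holds the permissions, adding a fourth developer later is one add_user_to_group call rather than another policy attachment.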

Additional Resources

Please log in to the lab environment with the credentials provided. Make sure you are using the us-east-1 region throughout the lab.
