🎯Day 9 of 100 Days AWS Cloud Challenge🎯

📚 Synopsis

In this blog, we will learn a step-by-step guide on creating an ADMIN Group, creating an IAM ADMIN User, and assigning a policy to grant full access to IAM, S3, VPC, and EC2. The instructions outline the necessary actions to set up administrative privileges for managing these services within an AWS environment.

📋 Prerequisites

• 📌 AWS Root Account.

• 📌 Internet Connection.

💡 Plan of Execution

• 📌 Introduction

• 📌How to create an ADMIN Group?

• 📌How to create an IAM ADMIN User?

• 📌How to assign policy to get full access only to IAM, S3, VPC, and EC2.

🥳 conclusion

💡 Plan of Execution:

. 📌 Introduction

The root user has full access to all AWS resources, so it is important to secure the root user account. The IAM Dashboard is used to manage IAM users and groups, and the IAM Admin group has full access to all IAM resources.

The IAM user that is used to develop and maintain the application should have only the permissions that are necessary to perform those tasks. The permissions for the IAM user can be managed in the IAM Dashboard.

📌How to create an ADMIN Group?

A step-by-step guide to creating an IAM Group from the root account.

1. Login to your AWS Root Account with your username and password. Make sure, MFA is enabled for the root account as an extra layer of protection.

2. From the AWS Console click in the search bar in the top left corner. Type “IAM” in the services search bar. Select IAM from the list.

3. Now, it will take us to the IAM Dashboard. We can see there are no users, groups, or Policies are created.

4. From the IAM Dashboard, on the left side corner under “Access management” choose the first option ‘User groups’ — This will allow us to create groups in IAM.

5. Click on the “Create group” button on the right side top corner.

6. In Create user group, we have three sections

• 📌 Name of the group: Enter the group name

• 📌 Add users to the group : We don’t have any users, so will create it later.

📌How to assign the policy to get full access only to IAM, S3, VPC and EC2.

• 📌Attach permission policies :

• 📌Search for IAMFullAccess, and ENTER, Tick the checkbox and Click on “clear filter” to select another policy.

• 📌Search for AmazonEC2FullAccess, and ENTER, Tick the checkbox and Click on “clear filter” to select another policy.

Note: We can observe that now 2 policies have been selected (IAM and EC2)

• 📌Search for AmazonVPCFullAccess, and ENTER, Tick the checkbox and Click on “clear filter” to select another policy.

Note: We can observe that now 3 policies have been selected (IAM, EC2, and VPC)

• 📌Search for CloudWatchFullAccess, and ENTER, Tick the checkbox and Click on “clear filter” to select another policy.

Note: We can observe that now 3 policies have been selected (IAM, EC2, VPC and CloudWatch)

• 📌 Click the “Create Group”

• 📌 Will see an Successful notification that Admin-Group has been created.

• 📌 Now, we can User group dashboard, with the Group Name, Users, Permissions and Creation time. Click on “Admin-Group” to see the details.

• 📌 We can see that 4 policies have been attached to the group.

📌How to create an IAM ADMIN User?

1. From the IAM Dashboard, on the left side corner under “Access management” choose the Second option ‘Users. Then, Click on the “Add Users” button in the top right side corner. This will allow us to create a user in IAM.

2. We have 4 steps to fulfill the request to create a user.

📌 STEP -1: Specify user details

• 📌Provide the username as per your wish and Select the “Checkbox” to provide user access to the management console. Then, select the “radio button” of “I want to create an IAM user”

• 📌 Under the “Console password” section, choose the “Autogenerated password”, and Tick on checkbox “Users must create a new password at next sign-in — Recommended” → This option, will allow users to change the password on their first login. Finally, click on “Next”

📌 STEP -2: Set permissions

• 📌Under Permission options, choose “Add user to group” → As we have already created the group and attached policies in previous steps, we are adding the user to the existing Admin-Group(tick the checkbox and the user gets Full access to IAM, EC2, VPC and CloudWatch. Click on “Next”.

📌 STEP -3: Review and create

• 📌Under the “Tags” section, enter “key” as “user” and “value” as “admin”. Then, click on “Create user”.

• Note: Tags help to make it easier to filter and search for resources, monitor cost and usage, and manage your AWS environment.

We can see a successful notification that the user has been created.

📌 STEP -4: Retrieve password

• 📌 Here, in this wizard we get the user’s console login credentials.

• Note: Download the file where it contains the username, password and console URL. → Being a Root user, We must share these details with the user so that the user can log in with these credentials.

Hurray, we have created a group, user and attached policies.

🥳 conclusion:

This article provides a comprehensive guide on creating an ADMIN Group, IAM ADMIN User, and assigning a policy to grant full access to IAM, S3, VPC, and EC2 within an AWS environment. By following the step-by-step instructions, users can establish administrative privileges and effectively manage these essential services. This information is valuable for individuals or organizations seeking to establish robust control and access management for their AWS resources.

Note: We are going to stop using the root account, and will continue further with the admin user

🙏Thanks for Reading 🙏

🌟 I want to express my heartfelt appreciation to every one of you who took the time to read my blog. I am truly grateful for your presence on this learning journey. 🌟

💡 I would also like to extend an open invitation for feedback. As I continue to share my knowledge and insights, I understand that growth comes from acknowledging and learning from our mistakes. So, if you spot any errors or have suggestions for improvement, I genuinely encourage you to correct me.

Please follow me for more such content😅