AWScloud~30 mins

IAM best practices in AWS - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

IAM Best Practices Setup

📖 Scenario: You are setting up AWS Identity and Access Management (IAM) for a small company. The company wants to follow best practices to keep their cloud resources secure.You will create an IAM user, assign a group with limited permissions, and enable multi-factor authentication (MFA) for extra security.

🎯 Goal: Build a secure IAM setup by creating an IAM user, an IAM group with specific permissions, attaching the user to the group, and enabling MFA for the user.

📋 What You'll Learn

Create an IAM user named developer

Create an IAM group named ReadOnlyGroup with the AWS managed policy ReadOnlyAccess

Add the developer user to the ReadOnlyGroup

Enable MFA for the developer user

💡 Why This Matters

🌍 Real World

Companies use IAM to control who can access their cloud resources and what actions they can perform. Following best practices helps keep data safe.

💼 Career

Understanding IAM basics is essential for cloud administrators and security engineers to manage user access securely.

Progress0 / 4 steps

Create IAM user developer

Write the AWS CLI command to create an IAM user named developer.

AWS

# Your AWS CLI command here to create user 'developer'

Need a hint?

Use the aws iam create-user command with the --user-name option.

Create IAM group ReadOnlyGroup with ReadOnlyAccess policy

Write the AWS CLI commands to create an IAM group named ReadOnlyGroup and attach the AWS managed policy ReadOnlyAccess to it.

AWS

# Your AWS CLI commands here to create group 'ReadOnlyGroup' and attach 'ReadOnlyAccess' policy

Need a hint?

First create the group with aws iam create-group, then attach the policy with aws iam attach-group-policy.

Add user developer to group ReadOnlyGroup

Write the AWS CLI command to add the IAM user developer to the IAM group ReadOnlyGroup.

AWS

aws iam create-user --user-name developer
aws iam create-group --group-name ReadOnlyGroup
aws iam attach-group-policy --group-name ReadOnlyGroup --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess
# Your AWS CLI command here to add user 'developer' to group 'ReadOnlyGroup'

Need a hint?

Use aws iam add-user-to-group with the --user-name and --group-name options.

Enable MFA for user developer

Write the AWS CLI command to enable a virtual MFA device for the IAM user developer. Assume the MFA device ARN is arn:aws:iam::123456789012:mfa/developer.

AWS

aws iam create-user --user-name developer
aws iam create-group --group-name ReadOnlyGroup
aws iam attach-group-policy --group-name ReadOnlyGroup --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess
aws iam add-user-to-group --user-name developer --group-name ReadOnlyGroup
# Your AWS CLI command here to enable MFA for user 'developer'

Need a hint?

Use aws iam enable-mfa-device with --user-name, --serial-number, and two consecutive MFA codes --authentication-code1 and --authentication-code2.