In this task you will explore the Users and Groups that have already been created for you in IAM.
- In the AWS Management Console, on the Search for services input box look for IAM.
- In the navigation pane on the left, click Users.
- Click on your username.
This will bring to a summary page for user. The Permissions tab will be displayed.
- Review your permissions.
- Click the Groups tab.
- Click on the name of the attached IAM policy (it should open in the new browser tab).
- In the Permissions tab clik on {}JSON button.
- As you can see, you have a full permission to all resources.
- Got back the the browser tab with your IAM user.
- Click the Security credentials tab.
Info
You will find that Console Access in enabled.
- Do you have Access key: (Yes/No)
- In the navigation pane on the left, click User groups.
Info
There is a group already created for you: S3-LogAudit.
- Click the S3-LogAudit group. This will bring you to the summary page for the S3-LogAudit group.
- Click the Permissions tab.
Info
This group has a Managed Policy associated with it, called AmazonS3ReadOnlyAccess. Managed Policies are pre-built policies (built either by AWS or by your administrators) that can be attached to IAM Users and Groups. When the policy is updated, the changes to the policy are immediately apply against all Users and Groups that are attached to the policy.
- Click the + button on left of AmazonS3ReadOnlyAccess name.
Info
A policy defines what actions are allowed or denied for specific AWS resources. This policy is granting permission to List and Get object from S3. This ability to view resources, but not modify them, is ideal for assigning to an Audit role.
- In the navigation pane on the left, click Account settings.
- Review Password Policy
Question ??
Try find an answer for the following questions:
1. What is Minimum password lenght ?
2. Is it possible to reuse a password: (Yes/No)
1. What is Minimum password lenght ?
2. Is it possible to reuse a password: (Yes/No)
