In this task, you will test the permissions of the IAM User created in task 2.
- In the navigation pane on the left, click Dashboard.
Info
On righ side under AWS Account lookf for Sign-in URL for IAM users in this account.
It will look similar to: https://123456789012.signin.aws.amazon.com/console
This is the same link you already used to sign-in to the AWS Account.
It will look similar to: https://123456789012.signin.aws.amazon.com/console
This is the same link you already used to sign-in to the AWS Account.
- Copy the Sign-in URL for IAM users in this account link to the notepad.
- Open a web browser in a private mode.
- Paste the IAM users sign-in link into your private window and press Enter.
- Sign-in with:
- IAM user name: username created in task 2
- Password: password copied in task 2
- In the AWS Management Console, on the Search for services input box look for S3.
- Click the name of cloudpirates22 bucket and browse the contents.
Info
Since your user is part of the S3-LogAudit Group in IAM, they have permission to view a list of Amazon S3 buckets and their contents.
Now, test whether you can put or delete any file from the bucket.
Now, test whether you can put or delete any file from the bucket.
- Click Upload and try to upload random file into the bucket…
Info
You should get similar error: AccessDenied.
This is because your user has been assigned permission only to list and get data from Amazon S3.
Next, test whether they have access to Amazon EC2.
This is because your user has been assigned permission only to list and get data from Amazon S3.
Next, test whether they have access to Amazon EC2.
- In the Services menu, click EC2.
- In the left navigation pane, click Instances.
Result
You cannot see any instances!
Instead, it says An error occurred fetching instance data: You are not authorized to perform this operation..
This is because your user has not been assigned any permissions to use Amazon EC2.
Instead, it says An error occurred fetching instance data: You are not authorized to perform this operation..
This is because your user has not been assigned any permissions to use Amazon EC2.
END LAB
Follow these steps to close the console, end your lab, and delete audit user.
- Sign your_username_audit out of the AWS Management Console by configuring the following:
- At the top of the screen, click your_username_audit
- Click Sign Out
- Go back to your main laboratory AWS console.
- In the Services menu, click IAM.
- In the left navigation pane, click Users.
- Select your audit user and click Delete user.
- Confirm and Delete.
