Question-1: If you delete your IAM user, it will also be deleted from the Root user. Is this statement True or False?
Answer: True.
Definition:
Once you delete a user from IAM, it automatically affects the settings in the Root user as well, and the user will no longer appear under the Root user's list.
007: In AWS, what is the use of Access Keys, the CLI and the SDK?
Solution:
We can access AWS using the 3 options below.
1. AWS Management Console (protected by password + MFA)
2. AWS Command Line Interface (CLI): protected by access keys
3. AWS Software Development Kit (SDK), for code: protected by access keys
· Users manage their own access keys.
· Access Keys are secret, just like a password, so never share them with anyone; other users can generate their own access keys. This way you can secure your account.
  o Access Key ID == user name (the Access Key ID works the same way as your username)
  o Secret Access Key == password
o AWS CLI is a tool that enables you to interact with AWS services using commands in your command-line interface or using shell scripts.
o AWS Software Development Kit (AWS SDK)
  o Language-specific APIs (set of libraries)
  o Enables you to access and manage AWS services programmatically
  o Embedded within your application
  o Supports
    o SDKs (JavaScript, Python, PHP, .NET, Ruby, Java, Go, Node.js, C++)
    o Mobile SDKs (Android, iOS, ..)
    o IoT Device SDKs (Embedded C, Arduino…)
Example: AWS CLI is built on AWS SDK for Python
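Because the Secret Access Key works like a password, it helps to check files for keys before they are committed or posted anywhere. The scanner below is an added example, not code from the original post: the function names are hypothetical, the sample file is constructed, and the key pair in it is the placeholder pair used in AWS documentation.

```python
import re

# IAM user access key IDs start with "AKIA" followed by 16 upper-case letters or digits.
ACCESS_KEY_ID = re.compile(r"\b(AKIA[A-Z0-9]{16})\b")
# Secret access keys are 40 base64-alphabet characters. To limit false positives
# they are only matched when assigned to an aws_secret_access_key name.
SECRET_KEY = re.compile(
    r"(?i)aws_secret_access_key\s*[=:]\s*[\"']?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)

# Constructed sample: a credentials-style file using AWS's documentation
# placeholder key pair, plus a 40-character git hash that must not be flagged.
SAMPLE = """\
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
commit = 3f786850e387550fdab836ed7e6dc881de23001b
"""


def redact(value):
    """Keep only the first 4 characters so the report does not re-leak the key."""
    return value[:4] + "*" * (len(value) - 4)


def scan_text(text):
    """Return (line_number, kind, redacted_value) for every key found in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in ACCESS_KEY_ID.finditer(line):
            findings.append((lineno, "access_key_id", redact(match.group(1))))
        for match in SECRET_KEY.finditer(line):
            findings.append((lineno, "secret_access_key", redact(match.group(1))))
    return findings


if __name__ == "__main__":
    for lineno, kind, value in scan_text(SAMPLE):
        print(f"line {lineno}: {kind} {value}")
```

Any key the scanner finds in a file that has already been shared should be treated as exposed and replaced with a newly generated one.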
Solution:
Step-1: Search in Google for ‘AWS CLI Install window’.
Step-2: Follow the link below if needed: Installing past releases of the AWS CLI version 2 - AWS Command Line Interface (amazon.com)
o https://awscli.amazonaws.com/AWSCLIV2-2.0.30.msi
Step-3: Open the command prompt.
Step-4: Run: aws --version
Solution:
o Don’t use the root account to create security credentials.
o Warning: Never post your secret access key on public platforms, such as GitHub. This can compromise your account security.
o Go to AWS Command Prompt
o aws configure
Now, as per the above screenshot, the AWS Secret Key has been configured.
o aws iam list-users
This will list all the users in my account.
o Not all regions support AWS CloudShell.
o To find out which regions support AWS CloudShell, please search in Google or follow the link below
o AWS CloudShell endpoints and quotas - AWS General Reference (amazon.com)
o Error:
Getting the below error message when using the ‘aws --version’ command in CloudShell.
aws-cli/2.8.0 Python/3.9.11 Linux/4.14.291-218.527.amzn2.x86_64 exec-env/CloudShell exe/x86_64.amzn.2 prompt/off
Note:
o Before working in CloudShell, check the region, because CloudShell is not available in all regions.
o In CloudShell you get the functionality below
IAM Roles for AWS Services:
· Some AWS services will need to perform actions on your behalf.
· To do so, we will assign permissions to AWS services with IAM Roles.
· Common roles:
  o EC2 Instance Roles
  o Lambda Function Roles
  o Roles for CloudFormation
IAM Security Tools
There are two types:
1. IAM Credentials Report (account-level)
2. IAM Access Advisor (user-level)
IAM Credential Report (account-level)
· A report that lists all your account’s users and the status of their various credentials.
IAM Access Advisor (user-level)
· Access advisor shows the service permissions granted to a user and when those services were last accessed.
· You can use this information to revise your policies.
You can download the credential report by using the window below.
Once the report is downloaded, you can see the information below in the downloaded CSV file.
The downloaded file holds the details of both kinds of users (Root + IAM users), along with complete details.
IAM Guidelines & Best Practices
1. Don’t use the Root account except for AWS account setup.
2. One physical user = one AWS user
3. Assign users to groups and assign permissions to groups
4. Create a strong password policy
5. Use and enforce the use of Multi Factor Authentication (MFA)
6. Create and use Roles for giving permissions to AWS services
7. Use Access Keys for programmatic access (CLI / SDK)
8. Audit the permissions of your account with the IAM Credentials Report
9. Never share IAM users & Access Keys
IAM Section – Summary
1. Users: mapped to a physical user, has a password for the AWS Console.
2. Groups: contain users only
3. Policies: JSON documents that outline permissions for users or groups
4. Roles: for EC2 instances or AWS services
5. Security: MFA + Password Policy
6. Access Keys: access AWS using the CLI or SDK
7. Audit: IAM Credential Reports & IAM Access Advisor.
1. What is a proper definition of an IAM Role?
Answer : An IAM entity that defines a set of
2. Which of the following is an IAM Security Tool?
Ans: IAM Credentials Report
EC2 Fundamental
After logging in with an IAM user, if you are setting up Billing for the very first time, you will get the error message below. To overcome this problem, follow the above instruction and try again …
Solution:
To resolve the above issue, follow the steps below.
Step-1: Log in with your Root account.
Step-2: Click on the top right-hand corner and select MyAccount from the drop-down.
Step-3: Scroll down the page below and select
Then, click on the ‘Edit’ button and activate IAM Access. Update it.
Step-4: Now, go to the IAM user login page and refresh the page; your problem will be resolved and you will get the page below.
· Once the above problem is resolved, you can set your own budget under the IAM user login.
  o Step-1: In the screen below, click budget
  o Step-2: Click on budget, and set Alert-1 and Alert-2 as a forecast to avoid any extra usage during your AWS learning.
Using the Public IPv4 with http://, not https://, the page below will open successfully.