3.3 Setting Up IAM

00:01

it's video

00:03

we will complete our setup of I am.

00:07

We will create I am user accounts.

00:12

We will create a group to assign permissions.

00:16

We will create and apply

00:18

and I am password policy

00:21

from the AWS console. We will type. I am into the search bar toe Open the identity and Accidents Management dashboard.

00:33

As you can see, we still have three tasks remaining to be completed.

00:38

We will need to create I am users.

00:41

We will need to create a group to assign our users too.

00:46

And then we will need to assign a password policy to our users.

00:50

So let's begin with the task of creating our first user,

00:54

then click at user

00:57

and here I'll put in my user name of Shawn.

01:06

Next, I will give myself a W s management Council access

01:15

for my password. I can either have A W s auto generated password for me or provide my own custom password. I'll provide my own

01:25

by default. A W s will require a new user to reset their pastor when they sign in for the first time. But since this is a demonstration, I will uncheck that box

01:38

on the next screen. were presented with three options on how to assign permissions to our user.

01:44

We can assign the user to a group

01:47

or copy permissions from an existing user.

01:51

We'll attach policies directly.

01:53

Let's create a group first

01:57

on the group create screen.

02:00

We first want to give our group name.

02:02

I will call mine

02:05

the group formerly known his route,

02:15

and I will sign my group administrator Access,

02:17

which will provide my members of the group Full access to AWS service is

02:23

Then we will click Create Group to make it official.

02:28

Now we see that our new group has been created.

02:31

Next, I will review the user that I created

02:35

nothing complicated here. This just confirms that I created a user named Sean.

02:40

Sean has access to the AWS Management Council,

02:44

and Shaw will need to supply the custom password that he created when he logs in

02:49

showings accesses administrator.

02:53

Next we move on to the confirmation.

02:55

Basically, this confirms that the creation of the new user account was successful.

03:01

It also provides us with a sign and link

03:05

that is different than the sign and link that's used for a root account.

03:08

We create a new user this is the link that you would send them by email to sign

03:15

into their AWS user account.

03:16

They can also click the down low C S V button that will contain their user credentials.

03:23

So now let's create a second user

03:29

noticed that A. W S warns me that a user named Sean already exists, So the next username will need to be unique.

03:37

So let's give this user name

03:39

a friend of Sean.

03:42

Since he Shawn's friend, let's give him the same permissions. Permissions is Shawn

03:46

and create a custom password for him.

03:57

So now that the second user account is created,

03:59

we can add it to the administrators group.

04:02

First, we review

04:03

the new user that we created

04:06

that looks good. So then we move on to the confirmation page.

04:13

Then we click the small down arrow to see the policy that has assigned to the user friend of Sean.

04:18

If you notice we made it part of the policy that this user will need to change his credentials upon first log in

04:30

Next we returned to the user screen

04:33

and we could see our two users.

04:35

We still have not added any of the users to the Administrators group yet. So let's do that. Now

04:41

we click on Friend of Sean,

04:47

select the group's tab

04:51

quick at users to the group.

04:56

At this time, we have only created one group, so we click that one,

05:00

and now we have added this user to the administrator account.

05:06

Next we will go to account settings.

05:11

This is where we create our pastoral policy

05:14

for our AWS user accounts.

05:16

We can get as granular is a quiet by our business security policy.

05:21

By default, users are permitted to change their own password.

05:29

We will just create a policy where passers expire after 90 days

05:41

and that it with a password expires.

05:44

Then the user will need to contact the administrator to have it reset.

05:48

Then we just apply the password policy.

05:58

Next, we returned to our user screen because I forgot to add the user showing to the administrators group.

06:04

So, just like before,

06:06

we click on the user name that we want to perform the action upon,

06:12

select the group

06:13

that will be adding the user too,

06:24

and we see that the administrative group now contains two users.

06:29

Finally,

06:30

we clicked back on the I am dashboard

06:32

and you will see that we have created all task to properly set up. I am.

06:44

How do we access I am?

06:47

We can access I am by logging into the AWS console and typing I am to pull up the I Am dashboard.

06:57

Do you have to manage each user one by one, or can I sign users to groups

07:04

from administrative perspective, it's best practice to assign users to groups based on their job requirements.

07:12

Once I create a new user,

07:14

how can I get their user credentials to them?

07:16

So once you create a U user account, you can send the user credentials by email straight from the AWS Consul.

07:29

In this video

07:30

we completed setup of I Am

07:34

We created I am user accounts.

07:40

We created a group and assigned permissions