AWS IAM Setup for DevTeam Users

The document outlines the steps to set up an AWS IAM group named 'DevTeam' with specific users and permissions. It includes creating the group, adding users with varying access levels, enabling multi-factor authentication (MFA), and creating custom IAM policies for each user. Additionally, it details policies to block bucket deletion and allow the listing of EC2 instances for the group.

Uploaded by amorvignesh

📄 AWS IAM Policy and Setup Document

🧑‍🤝‍🧑 User Group: DevTeam

All the users listed below belong to the DevTeam. This group has specific
permissions, and some custom rules must be applied.

✅ Step 1: Create the IAM Group

1. Go to the IAM Console.

2. Choose User groups from the left menu.

3. Click Create group.

4. Enter Group name: DevTeam.

5. Do not attach policies now (we'll create a custom policy later).

6. Click Create group.

👥 Step 2: Create and Assign Users

Create the following users and add them to the DevTeam group:

Username   Permissions                              MFA Required
user1      Full access to EC2 and S3                ✅ Yes
user2      Read-only access to Security, IAM        ✅ Yes
user3      Full access to S3 only                   ✅ Yes
user4      List-only access to S3 Buckets           ✅ Yes

Steps:

1. In the IAM Console, go to Users > Add users.

2. Enter the username (e.g., user1) and select Programmatic access and
AWS Management Console access.

3. Set a custom password and check Require password reset if needed.

4. Add the user to the DevTeam group.

5. Complete user creation and repeat for all 4 users.

🔐 Step 3: Enable MFA for Users

For each user:

1. Sign in to the AWS Console as that user.

2. Go to My Security Credentials.

3. Under Multi-Factor Authentication (MFA), click Activate MFA.

4. Choose Virtual MFA device and follow the steps using an app like
Google Authenticator.

📜 Step 4: Create and Attach Custom IAM Policies

1. user1: EC2 and S3 Full Access

Attach these managed policies:

AmazonEC2FullAccess

AmazonS3FullAccess

2. user2: ReadOnly for Security and IAM

Create a custom policy:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iam:Get*",
        "iam:List*",
        "securityhub:Describe*",
        "securityhub:Get*",
        "securityhub:List*"
      ],
      "Resource": "*"
    }
  ]
}
```

3. user3: Full S3 Access

Attach managed policy:

AmazonS3FullAccess

4. user4: List Bucket Only

Create a custom policy:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets",
        "s3:ListBucket"
      ],
      "Resource": "*"
    }
  ]
}
```

🛑 Step 5: Block Bucket Deletion for DevTeam

Create a custom S3 policy to deny bucket deletion, and attach it to the
DevTeam group:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyBucketDeletion",
      "Effect": "Deny",
      "Action": "s3:DeleteBucket",
      "Resource": "*"
    }
  ]
}
```

✅ Step 6: Allow DevTeam to List EC2 Instances

Attach this policy to DevTeam group:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances"
      ],
      "Resource": "*"
    }
  ]
}
```
Screenshots (images not included in this copy): create the group; create the 4 users; add them to the user group; attach policies to the users in the group; add the user to the group; attach policies to each user.
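The screenshots walk through the console path. The script below is an added example, not the document's own material, that performs Steps 1, 2, 4, 5 and 6 through the boto3 IAM API with the same policy documents as the page. The IAM client is injected so the call sequence can be checked offline with a recorder; passing a real `boto3.client("iam")` provisions the account. The custom policy names, the recorder's placeholder account id and the environment variable holding the initial password are choices made here, not from the page; Step 3 (MFA) stays a per-user action as on the page, and access keys for "Programmatic access" are deliberately not created by the script.

```python
"""Scripted equivalent of Steps 1, 2, 4, 5 and 6 of the DevTeam setup.
Added example, not from the original document. ASSUMPTIONS: the custom
policy names, the placeholder account id in the recorder, and that the
initial console password is supplied via DEVTEAM_INITIAL_PASSWORD."""
import json
import os

GROUP = "DevTeam"
EC2_FULL = "arn:aws:iam::aws:policy/AmazonEC2FullAccess"  # AWS-managed ARNs
S3_FULL = "arn:aws:iam::aws:policy/AmazonS3FullAccess"


def _doc(effect, actions, sid=None):
    """Single-statement policy document in the same shape as the page's JSON."""
    stmt = {"Effect": effect, "Action": actions, "Resource": "*"}
    if sid:
        stmt["Sid"] = sid
    return {"Version": "2012-10-17", "Statement": [stmt]}


# Steps 5 and 6: custom policies attached to the group (names are assumptions).
GROUP_CUSTOM = {
    "DevTeamDenyBucketDeletion": _doc("Deny", "s3:DeleteBucket", sid="DenyBucketDeletion"),
    "DevTeamListEC2Instances": _doc("Allow", ["ec2:DescribeInstances"]),
}

# Step 4: per-user managed and custom policies, as listed on the page.
USERS = {
    "user1": {"managed": [EC2_FULL, S3_FULL], "custom": {}},
    "user2": {"managed": [], "custom": {"User2SecurityIamReadOnly": _doc("Allow", [
        "iam:Get*", "iam:List*", "securityhub:Describe*",
        "securityhub:Get*", "securityhub:List*"])}},
    "user3": {"managed": [S3_FULL], "custom": {}},
    "user4": {"managed": [], "custom": {"User4S3ListOnly": _doc("Allow", [
        "s3:ListAllMyBuckets", "s3:ListBucket"])}},
}


def _create_policy(iam, name, doc):
    resp = iam.create_policy(PolicyName=name, PolicyDocument=json.dumps(doc))
    return resp["Policy"]["Arn"]


def provision(iam, initial_password):
    """Create the group, its policies, the four users and all attachments.
    Users get console access with a forced password reset (Step 2, item 3)."""
    iam.create_group(GroupName=GROUP)                                 # Step 1
    for name, doc in GROUP_CUSTOM.items():                            # Steps 5, 6
        iam.attach_group_policy(GroupName=GROUP, PolicyArn=_create_policy(iam, name, doc))
    for user, spec in USERS.items():                                  # Step 2
        iam.create_user(UserName=user)
        iam.create_login_profile(UserName=user, Password=initial_password,
                                 PasswordResetRequired=True)
        iam.add_user_to_group(GroupName=GROUP, UserName=user)
        for arn in spec["managed"]:                                   # Step 4
            iam.attach_user_policy(UserName=user, PolicyArn=arn)
        for name, doc in spec["custom"].items():
            iam.attach_user_policy(UserName=user, PolicyArn=_create_policy(iam, name, doc))


class RecordingIam:
    """Stand-in client that records calls instead of touching AWS (dry run)."""
    ACCOUNT = "123456789012"  # placeholder account id, not a real account

    def __init__(self):
        self.calls = []

    def __getattr__(self, api):
        def call(**kwargs):
            self.calls.append((api, kwargs))
            if api == "create_policy":
                return {"Policy": {"Arn": f"arn:aws:iam::{self.ACCOUNT}:policy/{kwargs['PolicyName']}"}}
            return {}
        return call


def dry_run():
    """Run the provisioning against the recorder and return the call log."""
    iam = RecordingIam()
    provision(iam, initial_password="<placeholder-initial-password>")
    return iam.calls


if __name__ == "__main__":
    if os.environ.get("DEVTEAM_LIVE") == "1":
        import boto3  # only needed for a real run against an AWS account
        provision(boto3.client("iam"), os.environ["DEVTEAM_INITIAL_PASSWORD"])
    else:
        for api, kwargs in dry_run():
            print(api, json.dumps(kwargs)[:100])
```

Run without environment variables to see the dry-run call log and confirm the order (group first, group policies next, then each user with its attachments) before setting `DEVTEAM_LIVE=1`; the real `create_policy` call fails if a policy of the same name already exists, which is a useful guard against re-running the script against an already provisioned account.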
