- Introduction
- Challenges
- How to Use This Repository
- Disclaimer
Welcome to the GitHub repository for configuring AWS account access in a cafe's AWS environment. This repository provides detailed instructions and scripts for securing access for application developers and database administrators.
- IAM Group Creation:
  - Create an IAM group named "AppDevelopers".
  - Attach policies: AmazonEC2ReadOnlyAccess, AWSCloud9EnvironmentMember.
- IAM User Configuration:
  - Create an IAM user named "Nikhil" with AWS Management Console access.
  - Add Nikhil to the "AppDevelopers" group.
- AWS Cloud9 Environment Setup:
  - Log in as Sofía (voclabs user).
  - Open AWS Cloud9 under DEVCafeServer.
  - Run commands for setting up the cafe web application.
  - Share AWS Cloud9 environment with Nikhil.
- Incognito Mode Login:
  - Log in as Nikhil using incognito mode.
  - Verify EC2 access, test the cafe web app, and check database connectivity.
  - Explore Systems Manager Parameter Store.

- IAM Group Creation:
  - Create an IAM group named "DBAdministrators".
  - Attach policies: AmazonRDSReadOnlyAccess, AmazonSSMFullAccess.
- IAM User Configuration:
  - Create an IAM user named "Olivia" with AWS Management Console access.
  - Add Olivia to the "DBAdministrators" group.
- Incognito Mode Login:
  - Log in as Olivia using incognito mode.
  - Verify RDS database status and address EC2 instance access issues.
  - Fix the database username issue in Systems Manager Parameter Store.

- IAM Policy Simulator:
  - Use IAM Policy Simulator to evaluate permissions.
  - Select IAMReadOnlyAccess policy for Olivia.
- Custom IAM Policy Creation:
  - Create a custom IAM policy to reduce allowed IAM actions for DBAdministrators.
  - Attach the custom policy and remove unnecessary IAMReadOnlyAccess.
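
The effect of swapping IAMReadOnlyAccess for a narrower custom policy can be checked offline before attaching anything. The following is an added example, not part of this repository's scripts: a small local evaluator that mirrors the Policy Simulator's three decisions for `Action` matching only (it assumes `Resource: "*"` and no conditions). Both policy documents and the probe list are constructed for illustration; the broad policy only approximates IAMReadOnlyAccess, and the custom policy's action list is hypothetical.

```python
import fnmatch

# Approximation of the broad read-only grant in IAMReadOnlyAccess
# (assumption: not the exact AWS-managed document).
BROAD_READONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": ["iam:Get*", "iam:List*"]}]}

# Hypothetical reduced policy for DBAdministrators (action list is an assumption).
CUSTOM_LIMITED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["iam:GetUser", "iam:ListUsers", "iam:ListGroupsForUser"]},
    {"Effect": "Deny", "Resource": "*", "Action": "iam:*AccessKey*"}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(action, patterns):
    # IAM action names are case-insensitive and allow * and ? wildcards.
    a = action.lower()
    return any(fnmatch.fnmatchcase(a, p.lower()) for p in _as_list(patterns))

def evaluate(policies, action):
    """Return 'explicitDeny', 'allowed' or 'implicitDeny' for one action."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not _matches(action, stmt.get("Action", [])):
                continue
            if stmt["Effect"] == "Deny":
                return "explicitDeny"  # an explicit Deny always wins
            allowed = True
    return "allowed" if allowed else "implicitDeny"

def removed_by(old, new, actions):
    """Actions the old policy set allowed that the new set no longer allows."""
    return [a for a in actions
            if evaluate(old, a) == "allowed" and evaluate(new, a) != "allowed"]

# Constructed probe list of IAM actions to compare.
PROBES = ["iam:GetUser", "iam:ListUsers", "iam:ListAccessKeys",
          "iam:GetAccountAuthorizationDetails", "iam:CreateUser"]

if __name__ == "__main__":
    for a in PROBES:
        print(f"{a:38} broad={evaluate([BROAD_READONLY], a):13} custom={evaluate([CUSTOM_LIMITED], a)}")
    print("no longer allowed:", removed_by([BROAD_READONLY], [CUSTOM_LIMITED], PROBES))
```

Confirm the result in the IAM Policy Simulator afterwards, since the real evaluation also covers resources, conditions and permission boundaries that this sketch leaves out.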
- Navigate to each challenge folder (Challenge_1, Challenge_2, Challenge_3).
- Follow detailed instructions in the README files within each challenge folder.
- Execute scripts and commands for AWS CLI or AWS Management Console operations.
- Customize configurations based on your specific environment and security requirements.
This repository is intended for educational purposes. Before applying configurations in a production environment, review and adjust them according to your specific security and operational needs.