Tag Archives: certification

Identity and Access Management – AWS Part 1

Amazon’s Identity and Access Management, commonly referred to as IAM, gives you centralized control of your AWS account. Not only can you grant shared access with role-based permissions, you can also provide temporary access to users. As with Active Directory, you can set up a password policy covering rotation, length and complexity. For added security, there is an option for multifactor authentication through providers like Google.

Log into your AWS account and click on the IAM symbol.

When creating your console link, remember that it lives in a global DNS namespace, so the name you choose may already be in use. Also, your users, groups, roles, etc. are not region specific; they are shared globally. Here I created 2ninjas1blog by clicking on Customize next to my IAM link. There are now 5 steps to complete your setup. You’ll see the root access keys are already deleted.

Click on Activate MFA on your root account and then Manage MFA.

You can select Virtual or Hardware; here I selected Virtual. There is a link from Amazon showing supported MFA devices. Google Authenticator on your smartphone works well and is easy for this demonstration.

A QR code will be displayed. This is where your authenticator device comes in. I used Google Authenticator on my phone and scanned the QR code. You then input 2 codes from the authenticator and click Activate Virtual MFA.

You will now get a message that the MFA device was successfully associated.

Now that we have activated MFA on the root account, let’s go on to the next step: Create individual IAM users.
Click on Create individual IAM users on the dashboard, then click Users on the left.

Click Create New Users. Remember by default users will not have access until permissions are granted to them.

Here I create our 2 users and select the option to generate an access key for each user. The access key is very important to save because you cannot obtain it later. This will prompt a download of the credentials after we create a password.

The next screen shows the Access Key ID and Secret Access Key. These are used by the CLI to interact with AWS directly. Download the credentials and put them in a safe place, because this will be the only chance you get. Below is an example user to show the screen.

Here are both accounts, but no password is assigned to either one.

We need to check the box next to the User Name, click User Actions and select Manage Password.

Here you can have a password auto-generated and choose whether the user must reset their password at login. Credentials in the form of a CSV file can be downloaded and should be kept in a safe place.

These logins are useless without permissions assigned. You can assign permissions directly to a user account, but it’s best practice to create a group and assign users to the group.

Now we are on the 4th task of our IAM console, Use groups to assign permissions.
In order to assign permissions we need to create a group with a policy attached. Policies have the permissions listed within them. Click on Groups then

Through the wizard, I can Set a Group Name.

Then attach the Administrator Policy and click Generate.

Now I can add my 2 users to my new Administrator group. Go to Groups on the dashboard, check the box next to NinjaAdmins and, under Group Actions, select Add Users to Group.

Now I can select NinjaAmy and NinjaNick to be NinjaAdmins.

I select my NinjaAmy and NinjaNick users, and now I can see 2 users are part of my NinjaAdmins group.

You can always go back and click on Groups to see who is a member and what sort of permissions they have. You can also remove users from the group.

Yay, we are almost done. Lastly, we have to Apply an IAM password policy. Click on Manage Password Policy.

Here you can go through a number of requirements.

Apply your password policy and you will see you are now finished setting up IAM.
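To check the five setup steps above from data rather than from the dashboard, here is an added example (not part of the original post) that audits them offline. It assumes input shaped like the boto3 results of `get_account_summary` and `get_account_password_policy`; the sample values, the `audit` function and the 14-character baseline are constructed for illustration.

```python
# Added example: offline audit of the five IAM dashboard setup steps.
# All sample data below is constructed. It mirrors the shape of boto3 results:
#   summary -> iam.get_account_summary()["SummaryMap"]
#   policy  -> iam.get_account_password_policy()["PasswordPolicy"]
#              (pass None when the call raises NoSuchEntity: no policy set)
#   users   -> per-user output of list_groups_for_user and
#              list_attached_user_policies, reduced to lists of names
MIN_LENGTH = 14  # assumed local baseline, not a value from the walkthrough
COMPLEXITY_KEYS = ("RequireUppercaseCharacters", "RequireLowercaseCharacters",
                   "RequireNumbers", "RequireSymbols")

SAMPLE_SUMMARY = {"AccountAccessKeysPresent": 0, "AccountMFAEnabled": 1,
                  "Users": 2, "Groups": 1}
SAMPLE_POLICY = {"MinimumPasswordLength": 14, "MaxPasswordAge": 90,
                 "RequireUppercaseCharacters": True,
                 "RequireLowercaseCharacters": True,
                 "RequireNumbers": True, "RequireSymbols": True}
SAMPLE_USERS = {
    "NinjaAmy": {"groups": ["NinjaAdmins"], "attached_policies": []},
    "NinjaNick": {"groups": ["NinjaAdmins"], "attached_policies": []},
}


def audit(summary, policy, users):
    """Return a list of findings; an empty list means all five steps hold."""
    findings = []
    if summary.get("AccountAccessKeysPresent", 0):
        findings.append("root account has access keys")
    if not summary.get("AccountMFAEnabled", 0):
        findings.append("root account has no MFA device")
    if not summary.get("Users", 0):
        findings.append("no individual IAM users")
    for name, info in sorted(users.items()):
        if info["attached_policies"]:
            findings.append(f"{name}: policy attached directly, not via a group")
        if not info["groups"]:
            findings.append(f"{name}: member of no group")
    if policy is None:
        findings.append("no password policy applied")
        return findings
    if policy.get("MinimumPasswordLength", 0) < MIN_LENGTH:
        findings.append("password minimum length below baseline")
    findings += [f"password policy missing {k}" for k in COMPLEXITY_KEYS
                 if not policy.get(k)]
    if not policy.get("MaxPasswordAge"):
        findings.append("passwords never expire (no rotation)")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_SUMMARY, SAMPLE_POLICY, SAMPLE_USERS) or "all checks pass")
```
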

I can now log into https://2ninjas1blog.signin.aws.amazon.com/console with my username, NinjaAmy, and come into the AWS console, no longer using root.

On the top right, you can see NinjaAmy in lieu of root.

This completes Part 1 of IAM. Part 2 will go deeper into the roles and policies.

2 Ninjas and Amazon Web Services

Amy and I spend a good amount of time working on external projects. In fact, we discussed at the beginning of this year what we wanted to focus on. For me it has been wrapping up my Pluralsight Course for vRO, as well as working on extending Tintri APIs to meet business use cases. For Amy, it’s been knee deep in automating the world at UCMC, as well as working and discussing ideas around community and charity work that we hope to start early next year.

For the rest of this year, we are going to continue our Real World Cloud Series and, given the rise in AWS, which does not seem to be slowing down, we’ve decided to get going on a series focused around AWS. We are going to start off in the IaaS services first, then expand these into the automation and service catalog discussions that we have on a day-to-day basis. After that we will continue on to gather AWS certifications. I will also be blogging about this on the Ahead blog site from a higher level and business standpoint. There are tons of useful posts there from many of my colleagues whom I work with, so definitely check it out.

We have created 2 pages to organize this:

AWS Guides

AWS Solutions Architect Associate Exam

In some cases, both pages will share some of the same blog posts, but hopefully this helps if you are just trying to focus on the exam. It will all become clear as the posts start to come out in the next few months.

Upcoming #vBrownBag Webinar Series: AWS Certified Solutions Architect – Associate Exam


It’s finally time to bang out some AWS certifications!

AWS has been on my radar for a long time now, and really this is one of many certifications that are just overdue and need to get done.

Thanks to an invite from Jonathan Frappier to get me motivated and put a date on it, I will be presenting the first in the #vBrownbag series on the certification for AWS Certified Solutions Architect: Associate Exam. Sign up by going to the vBrownBag site. Following Part 1, many of my other colleagues at Ahead (Tim Carr & Bryan Krausen) will also be presenting subsequent parts of Domain 1 (Designing highly available, cost-efficient, fault-tolerant, scalable systems).

In part 1, I will be covering the following objectives:

– Identify and recognize cloud architecture considerations, such as fundamental components and effective designs
— How to design cloud services
— Planning and design.

Part 1 is certainly high level and focused on an overview of fundamental components and design. Once I get through the specific requirements, I’m happy to stick around and share real world experiences as well for anyone interested from my time leading the Cloud and Automation practice at Ahead with our clients. I’m sure other Ahead people will be on there if you want to hear their real world experiences as well. Otherwise let’s do some cert training!

Look forward to seeing many of you on the vBrownbag!