Labs helping you to learn how to write IAM policies following the least privilege principle.
We are using <Variable> to indicate that you should replace parts of the instructions with a variable.
The CloudFormation template lab-environment.yml creates a lab environment consisting of:
- EC2 Instance with an IAM role attached (access to SSM is granted for Session Manager access)
- S3 bucket
- SSM parameters
- Create a CloudFormation stack based on the template lab-environment.yml.
- Set stack name to your name but only use characters a-z (lowercase!).
- Make a note with the outputs of the stack: IamRole, S3Bucket.
- Connect to the EC2 instance using SSM Session Manager
- Visit https://console.aws.amazon.com/systems-manager/session-manager/start-session
- Select your instance
- Push the Start Session button
- Jump to your home directory: cd ~
- Done. You can now start with the labs.
- Lab 01: S3 read access
- Lab 02: S3 read and write with prefix
- Lab 03: Parameter Store read access
- Lab 04: Grant access to KMS customer managed CMK
- Lab 05: Terminate EC2 instance with tag
- Lab 06: Launch EC2 instance with tag
- Empty your S3 bucket <S3Bucket>.
- Delete your CloudFormation stack.