Labs helping you to learn how write IAM policies following the least privilege principle.
Are you looking for an instructor-led workshop based on these labs? Say [email protected].
We are using <Variable> to indicate that you should replace parts of the instructions with a variable.
The CloudFormation template lab-environment.yml creates a lab environment consisting of:
- EC2 Instance with an IAM role attached (access to SSM is granted for Session Manager access)
- S3 bucket
- SSM parameters
- Create a CloudFormation stack based on the template
lab-environment.yml.- Set stack name to your name but only use characters
a-z(lowercase!).
- Set stack name to your name but only use characters
- Make a note with the outputs of the stack:
IamRole,S3Bucket. - Connect to the EC2 instance using SSM Session Manager
- Visit https://console.aws.amazon.com/systems-manager/session-manager/start-session
- Select your instance
- Push the Start Session button
- Jump to your home directory:
cd ~
- Done. You can now start with the labs.
- Lab 01: S3 read access
- Lab 02: S3 read and write with prefix
- Lab 03: Parameter Store read access
- Lab 04: Grant access to KMS customer managed CMK
- Lab 05: Terminate EC2 instance with tag
- Lab 06: Launch EC2 instance with tag
- Empty your S3 bucket
<S3Bucket>. - Delete your CloudFormation stack.
We offer AWS workshops tailored to your needs. See widdix/learn-* for more labs.