Assignment Overview:
In this assignment, you will dive deeper into AWS IAM and AWS CLI. You will explore complex IAM policies, multi-factor authentication (MFA), and advanced AWS CLI commands to perform tasks involving various AWS services. This assignment is designed for learners who have a strong foundation in AWS IAM and CLI.
Instructions:
Part 1: Advanced IAM Policies
Task 1.1: Custom IAM Policy
Create a custom IAM policy that allows a user to perform the following actions only on a specific S3 bucket:
List objects
Get object metadata
Download objects
Attach this policy to an IAM user.
Task 1.2: IAM Policy Conditions
Modify the custom IAM policy created in Task 1.1 to include a condition that allows access only if the request is made from a specific IP address range.
Test the policy by trying to access the S3 bucket from a different IP address range.
Part 2: Multi-Factor Authentication (MFA)
Task 2.1: Enabling MFA
Configure Multi-Factor Authentication (MFA) for your IAM user.
Generate an MFA token using a software-based MFA app (e.g., Google Authenticator) and try to access your AWS account. Ensure that MFA is required for any AWS CLI operations.
Task 2.2: MFA-Protected Actions
Create an IAM policy that allows users to perform sensitive actions (e.g., creating IAM users, modifying IAM policies) only if MFA is enabled and they provide a valid MFA token.
Attach this policy to the IAM user from Task 2.1 and test it by attempting to perform those sensitive actions with and without MFA.
Part 3: AWS CLI Automation
Task 3.1: AWS CLI Scripting
Write a Bash or Python script that does the following:
Lists all EC2 instances in all regions.
Identifies the instances with specific tags (e.g., "Environment" = "Production").
Creates snapshots of the EBS volumes attached to those instances.
Tags the snapshots with the same tags as the instances.
Ensure the script handles errors gracefully and logs actions.
Task 3.2: Execute Automation
Execute the Automation and print the relevant output with necessary screenshots.
Submission Requirements:
Detailed documentation of each task, including policy JSON, IAM configuration, and script code.
Demonstrations of policy testing and MFA setup.
Evidence of script execution and automation.
Grading Criteria:
Successful completion of all tasks.
Correct implementation of IAM policies, conditions, and MFA.
Functional and error-handling script for Task 3.1.
Scheduled automation for Task 3.2 with proper monitoring.
Note: This advanced assignment assumes a solid understanding of IAM, MFA, and scripting. It's essential to follow best practices for security and error handling when working with IAM and automation. Be sure to clean up any resources created during the assignment to avoid unwanted AWS charges.
Title: Advanced AWS IAM and CLI Assignment
Assignment Overview: In this assignment, you will dive deeper into AWS IAM and AWS CLI. You will explore complex IAM policies, multi-factor authentication (MFA), and advanced AWS CLI commands to perform tasks involving various AWS services. This assignment is designed for learners who have a strong foundation in AWS IAM and CLI.
Instructions:
Part 1: Advanced IAM Policies
Task 1.1: Custom IAM Policy
Task 1.2: IAM Policy Conditions
Part 2: Multi-Factor Authentication (MFA)
Task 2.1: Enabling MFA
Task 2.2: MFA-Protected Actions
Part 3: AWS CLI Automation
Task 3.1: AWS CLI Scripting
Task 3.2: Execute Automation
Submission Requirements:
Grading Criteria:
Note: This advanced assignment assumes a solid understanding of IAM, MFA, and scripting. It's essential to follow best practices for security and error handling when working with IAM and automation. Be sure to clean up any resources created during the assignment to avoid unwanted AWS charges.