This lab demonstrates how to assume an AWS Identity and Access Management (IAM) role from the AWS Management Console.
You are a member of the cloud team at AnyCompany. The company requires that users who need access to AWS must not have IAM permissions attached directly to their user identities. Instead, a user's permissions only allow them to assume an IAM role, and that role carries the required permissions. Company policy also requires that least privilege is strictly applied wherever possible.
The lab is based on a break/fix scenario: a user fails to switch roles from the Management Console, and you need to troubleshoot and fix the issue.
High-level guidance and references are provided to help you fix the issue. Detailed solution instructions are provided in a hidden collapsible section, which you can expand.
Level
Intermediate
Duration
1 hour 0 minutes
Course objectives
In this course, you will learn how to:
   •   View and update the IAM permissions in a user's identity-based policy to allow the user to assume an IAM role.
   •   View and update an IAM role's trust policy to allow a user to assume the role.
   •   Apply least privilege concepts.
   •   Verify the solution.
Intended Audience
This course is intended for:
   •   Security Engineers
   •   Infrastructure Architects
   •   Developers
Prerequisites
We recommend that attendees of this course be familiar with the following:
   •   Navigating the AWS Management Console.
   •   AWS Identity and Access Management (IAM).
Course outline
   •   Task 1: Accessing the lab
   •   Task 2: Troubleshooting and remediating the issue and verifying the solution