
Aws Fourth Module

Uploaded by

vaishbhat19

Module 4

Authentication and Authorization, CloudTrail, CloudWatch
IAM
• IAM, or Identity and Access Management, is a framework of policies, processes, and
technologies that enable organizations to manage digital identities and control access to
resources.

Key components of IAM:

• Identity Management

• Access Management

• Authentication

• Authorization

• Audit and Reporting


Steps to create IAM user
Step 1: Go to the Amazon web services Sign-In console. Create an AWS Free Tier Account.

Step 2: Try signing in with your root username and password

Step 3: Search in the search box entering "IAM user" as shown in the image.
Step 4: After you enter the IAM user page, you will see the IAM dashboard; open the "Users" option by
clicking on it.
• In the Users section, create a user by clicking the "Create user" button. You will then go
through 3 phases for creating an IAM user.
i. Specifying the user details
• Provide the username that you would like to create as an IAM user

ii. Setup the permissions


• Select the "Attach policies directly" option, which assigns policies individually to the IAM
user.
• In the Permissions policies section, go to the search box and enter EC2ReadOnly. The policy name
containing AmazonEC2ReadOnly appears; select it to grant this policy's access to the IAM user being created.
• Similarly, you can add whatever permissions you would like from the pre-created policies,
as per the requirement.
• There may be cases in which you can't find a policy that matches the requirement; in that case you have to
create your own policy.
iii. Review and create
• In this step, review the information that you provided; once it is verified, choose the
create option.

• Finally, the IAM user has been created and you can see it on the dashboard.
• Note: User creation is now done; the root user can delete the user or customize the
permission policies at any time, as needed.
• Creating the Password (Security)
Step 6: Now, based on the mode of login, create a password or an access key as per the use
case. If you need web console login, set a password; otherwise create an access key.
• Note: Here, we will go through web console access.
Step 7: First go to Security credentials. In the Console sign-in section, click the "Enable console
access" button.
• Clicking the Enable console access button redirects you to Manage console login, as shown
in the figure:
• Choose the Enable option
• In the password section below, you can either set a custom password directly now, or use an
auto-generated password and create a new one at the time of login.
• Set the password as per the instructions, including alphabets, special characters, and
numbers.
Step 9: Follow the instructions while setting the password; once it is created, click the 'Done' option.
• Login with the IAM User
Step 10: For logging in with the IAM user we need 3 things:
1. AWS account ID: you can get the AWS account ID by clicking the root user account in the right
corner, similar to the figure highlighted below.
2. IAM username: the IAM user name that you created
3. Password: the password that you set for this IAM user
• Fill in the requested details (AWS account ID, IAM username, and password) in the sign-in portal,
choosing the IAM user option:
• Once you log in successfully, you can view the page as shown below; in the top right corner you
can see the IAM username with the account ID:

• If you reached this final interface, then you performed the creation and login with the IAM user
successfully.
Authentication tools in AWS
Here are some primary AWS authentication tools and services:

• AWS Identity and Access Management (IAM)

• AWS Single Sign-On (SSO)

• Amazon Cognito

• AWS Security Token Service (STS)

• AWS Organizations
CloudTrail
• In AWS, CloudTrail is the primary service for monitoring and logging account activity
across AWS resources.

Some core concepts within CloudTrail:

• Management Events

• Data Events

• Trails

• Log File Integrity Validation


Steps to create a CloudTrail trail
Step 1: Go to the Amazon web services Sign-In console. Create an AWS Free Tier Account.

Step 2: Try signing in with your root username and password

Step 3: Click on Services and search for “CloudTrail”.


Step 4: Create CloudTrail
• Select “Create CloudTrail”, name it as “MyTrail”.
Step 5: Edit Storage Location
• Click on the created “MyTrail” and edit the storage location. Choose “Create new S3 bucket” and
save changes.
Step 6: Save Changes
• Confirm and save changes to finalize the S3 bucket configuration.
Step 8: Confirm Settings
• Ensure data events are configured to deliver to the AWS CloudTrail console, Amazon S3 buckets,
and optionally Amazon CloudWatch Logs.
Step 9: Monitor Data Events
• Data events are automatically stored in the designated S3 bucket.

Step 10: Access and Review Event Data


• Navigate to the S3 bucket, locate the first file, download it, and review the JSON-formatted data
events.
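What reviewing a downloaded log file can look like in practice, as an added example that is not part of the original slides: the script reads a CloudTrail log file (gzipped JSON with a top-level Records array) and lists the management events produced by the IAM steps earlier in this module, plus root usage, console logins without MFA and failed calls. The sample file, the user name demo-user and the choice of which events to flag are assumptions made for the example.

```python
import gzip
import json

# Events this module's IAM steps generate (create user, attach policy, password, sign-in).
IAM_EVENTS = {"CreateUser", "AttachUserPolicy", "CreateLoginProfile", "ConsoleLogin"}

def load_records(blob: bytes) -> list:
    """Return the Records list from a CloudTrail log file (.json or .json.gz)."""
    if blob[:2] == b"\x1f\x8b":  # gzip magic; delivered log files are gzipped
        blob = gzip.decompress(blob)
    return json.loads(blob).get("Records", [])

def review(records: list) -> list:
    """Return (eventTime, actor, eventName, note) rows worth a reviewer's look."""
    rows = []
    for rec in records:
        ident = rec.get("userIdentity") or {}
        is_root = ident.get("type") == "Root"
        actor = "root" if is_root else ident.get("userName", "unknown")
        name = rec.get("eventName", "")
        notes = ["root account used"] if is_root else []
        if name == "ConsoleLogin":
            result = (rec.get("responseElements") or {}).get("ConsoleLogin")
            mfa = (rec.get("additionalEventData") or {}).get("MFAUsed")
            notes.append(f"login {result}, MFA {mfa}")
        elif name == "AttachUserPolicy":
            notes.append("policy " + (rec.get("requestParameters") or {}).get("policyArn", "?"))
        if rec.get("errorCode"):
            notes.append("failed: " + rec["errorCode"])
        if notes or name in IAM_EVENTS:
            rows.append((rec.get("eventTime", ""), actor, name, "; ".join(notes)))
    return sorted(rows)  # ISO 8601 UTC timestamps sort chronologically

# Constructed sample log file (not real account data); demo-user is hypothetical.
ROOT = {"type": "Root"}
USER = {"type": "IAMUser", "userName": "demo-user"}
SAMPLE = gzip.compress(json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:05:00Z", "eventName": "AttachUserPolicy", "userIdentity": ROOT,
     "requestParameters": {"policyArn": "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess"}},
    {"eventTime": "2024-01-01T10:00:00Z", "eventName": "CreateUser", "userIdentity": ROOT},
    {"eventTime": "2024-01-01T10:20:00Z", "eventName": "ConsoleLogin", "userIdentity": USER,
     "responseElements": {"ConsoleLogin": "Success"}, "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-01-01T10:22:00Z", "eventName": "DescribeInstances", "userIdentity": USER},
    {"eventTime": "2024-01-01T10:25:00Z", "eventName": "RunInstances", "userIdentity": USER,
     "errorCode": "Client.UnauthorizedOperation"},
]}).encode())

if __name__ == "__main__":
    for row in review(load_records(SAMPLE)):
        print(" | ".join(row))
```

The denied RunInstances call in the sample is the kind of record a read-only EC2 policy produces when the user tries to launch an instance.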
CloudWatch
• Amazon CloudWatch is a monitoring and observability service that provides data and insights
to monitor applications.

Primary features:

• CloudWatch Metrics

• Graphing Metrics

• Metric Math

• CloudWatch Logs

• CloudWatch Alarms
Creating Custom Metrics and Dashboards for AWS
Resource Monitoring
1. Navigate to CloudWatch in the AWS Management Console.
2. Select “Dashboards” from the sidebar.
3. Click “Create dashboard”.
4. Enter a name for your dashboard.
5. Add widgets such as graphs, numbers, and text, selecting the metrics you want to display.
• You can add the metrics from the dashboard, or you can add them from EC2 or other resources.
• All the metrics have been added to your dashboard. Now we can customize their appearance.
• This visual representation helps in understanding the health and performance of your
applications at a glance.
Creating CloudWatch Alarms
1. Access the AWS Management Console:
• Open your web browser and navigate to AWS Management Console.
• Log in to your AWS account.
2. Go to CloudWatch:
• In the AWS Management Console, locate and click on “Services” in the top left corner.
• Under “Management & Governance,” select “CloudWatch.”
3. Navigate to Alarms:
• In the CloudWatch dashboard, find the left-hand navigation pane.
• Click on “Alarms” under the “All alarms” section.
• On the “All alarms” page, click the “Create Alarm” button.
4. Select Metric:
• Choose the metric you want to monitor by selecting a data source (e.g., EC2, RDS) or a custom
metric.
• Here we can select our preferred EC2 conditions
• Here we are selecting “CPU utilization”
• And click “Select metric”
5. Define Conditions:
• Set conditions for the alarm. Specify thresholds, comparison operators, and evaluation periods.
• We can set conditions according to our requirements.
• In the define threshold value section, we can set a different value according to our own requirement
• Click Next to continue
6. Set Actions and configure the SNS topic:
• Choose “Create a new SNS topic.”
• Enter a name for the new SNS topic.
• Enter an e-mail address as the endpoint
• Click Create topic
• After the SNS topic is created, AWS sends a confirmation mail to the Gmail address given
• Click Confirm subscription
7. Add Name and Description:
• Provide a meaningful name and description for your alarm to easily identify its purpose.
8. Review and Create:
• Review your configuration to ensure it meets your requirements.

• Here we can review the conditions that we gave


• Click “Create Alarm” to finalize the alarm setup.
• If the CPU utilization becomes higher than the value we gave, we get a message at our
required mail address
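How the threshold, comparison operator and evaluation periods from step 5 combine to decide when the mail is sent, as an added example that is not part of the original slides: a simplified model of alarm evaluation run over constructed CPU datapoints. The function names and sample values are assumptions, and missing-data handling is not modelled.

```python
import operator

# CloudWatch ComparisonOperator values mapped to Python comparisons.
COMPARATORS = {
    "GreaterThanThreshold": operator.gt,
    "GreaterThanOrEqualToThreshold": operator.ge,
    "LessThanThreshold": operator.lt,
    "LessThanOrEqualToThreshold": operator.le,
}

def alarm_states(datapoints, threshold, comparison="GreaterThanThreshold",
                 evaluation_periods=3, datapoints_to_alarm=None):
    """Return the alarm state after each datapoint (one datapoint per period).

    Simplified model: ALARM when at least datapoints_to_alarm of the last
    evaluation_periods datapoints breach the threshold, otherwise OK;
    INSUFFICIENT_DATA until a full window exists.
    """
    needed = datapoints_to_alarm or evaluation_periods
    breach = COMPARATORS[comparison]
    states = []
    for i in range(len(datapoints)):
        window = datapoints[max(0, i + 1 - evaluation_periods): i + 1]
        if len(window) < evaluation_periods:
            states.append("INSUFFICIENT_DATA")
            continue
        breaching = sum(1 for value in window if breach(value, threshold))
        states.append("ALARM" if breaching >= needed else "OK")
    return states

def notifications(states):
    """Indexes where the alarm enters ALARM, i.e. when the SNS action would fire."""
    return [i for i, s in enumerate(states)
            if s == "ALARM" and (i == 0 or states[i - 1] != "ALARM")]

# Constructed CPUUtilization averages (%), one per 5-minute period.
CPU = [35, 92, 40, 85, 88, 91, 95, 60, 30]

if __name__ == "__main__":
    for periods in (1, 3):
        states = alarm_states(CPU, threshold=80, evaluation_periods=periods)
        print(periods, states, "notify at", notifications(states))
```

With one evaluation period the single spike at index 1 sends a mail; with three periods only the sustained load starting at index 3 does, at index 5.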
THANK YOU
