hands-on lab

Advanced Roles and Groups Management Using IAM

Up to 1h 15m
You can pause this lab for up to 1h
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.


AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources for your users. You can specify permissions to a single user or you can use groups to specify permissions for a collection of users, which can make those permissions easier to manage for those users. Furthermore, you can use a Role to grant authorization to AWS resources without any credentials (password or access keys) directly associated with it. In this lab, you will learn the recommended AWS security best practices.

Learning Objectives

Upon completion of this lab you will be able to:

  • Create IAM groups
  • Create IAM users
  • Work with IAM policies
  • Work with IAM roles and instance profiles

Intended Audience

This lab is meant for:

  • Those preparing to work with AWS
  • Those preparing for certification in AWS
  • Those looking to use IAM according to secure best practice


You should be familiar with:

  • AWS Management Console and AWS CLI familiarity are helpful but not required
  • Basic IAM principles are helpful but not required


February 12th, 2024 - Updated screenshots and instructions to reflect the latest UI

February 27th, 2023 - Updated instructions and screenshots to reflect latest UI

June 2nd, 2022 - Updated instructions and screenshots to reflect the new launch instance wizard

April 8th, 2022 - Addressed an issue with launching EC2 instances

March 7th, 2022 - Updated the instructions and screenshots to reflect the latest UI

January 25th, 2022 - Updated the instructions and screenshots to reflect the latest UI

December 21, 2021 - Updated step for additional clarity and explanation.

October 28, 2021 - Updated final lab step for clarity.

September 22nd, 2021 - Updated some screenshots and converted lab to utilize EC2 Instance Connect

February 12th. 2021 - Updated the lab to resolve a permission issue when creating the role and updated screenshots to the latest console experience

July 17th, 2019- Refactored the Lab to improve the user experience

February 12th, 2019 - Insert a warning for avoiding the user checking the wrong checkbox

December 5th, 2018 - Added a validation Lab Step to check the work you perform in the Lab

Environment before

Environment after

About the author

Matt Martinez, opens in a new tab
Cloud Content & Labs QA
Learning paths

Matt has worked for multiple Fortune 500 companies as a DevOps Engineer and Solutions Architect. He is an AWS Certified DevOps Engineer - Professional, and an AWS Certified Solution Architect - Associate. He enjoys reading and learning new technologies.

Covered topics

Lab steps

Logging In to the Amazon Web Services Console
Creating an IAM User Group
Creating an IAM User
Create Access key for IAM user
Creating a Customer Managed Policy with Policy Generator
Attaching a Policy to Users
Creating an IAM Role
Launching EC2 Instances with IAM Profile
Connecting to the Amazon Virtual Machine Using EC2 Instance Connect
Testing IAM from an EC2 Linux Instance