Advanced Roles and Groups Management Using IAM

Lab Steps

Logging in to the Amazon Web Services Console
Creating an IAM User Group
Creating an IAM User
Create Access key for IAM user
Creating a Customer Managed Policy with Policy Generator
Attaching a Policy to Users
Creating an IAM Role
Launching EC2 Instances with IAM Profile
Connecting to the Amazon Virtual Machine Using EC2 Instance Connect
Testing IAM from an EC2 Linux Instance

Ready for the real environment experience?

This is a long-running lab that you can pause for up to 1 hour

You can pause this lab for
up to 1h
Time Limit1h 15m


AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources for your users. You can specify permissions to a single user or you can use groups to specify permissions for a collection of users, which can make those permissions easier to manage for those users. Furthermore, you can use a Role to grant authorization to AWS resources without any credentials (password or access keys) directly associated with it. In this lab, you will learn the recommended AWS security best practices.

Learning Objectives

Upon completion of this lab you will be able to:

  • Create IAM groups
  • Create IAM users
  • Work with IAM policies
  • Work with IAM roles and instance profiles

Intended Audience

This lab is meant for:

  • Those preparing to work with AWS
  • Those preparing for certification in AWS
  • Those looking to use IAM according to secure best practice


You should be familiar with:

  • AWS Management Console and AWS CLI familiarity are helpful but not required
  • Basic IAM principles are helpful but not required


February 27th, 2023 - Updated instructions and screenshots to reflect latest UI

June 2nd, 2022 - Updated instructions and screenshots to reflect the new launch instance wizard

April 8th, 2022 - Addressed an issue with launching EC2 instances

March 7th, 2022 - Updated the instructions and screenshots to reflect the latest UI

January 25th, 2022 - Updated the instructions and screenshots to reflect the latest UI

December 21, 2021 - Updated step for additional clarity and explanation.

October 28, 2021 - Updated final lab step for clarity.

September 22nd, 2021 - Updated some screenshots and converted lab to utilize EC2 Instance Connect

February 12th. 2021 - Updated the lab to resolve a permission issue when creating the role and updated screenshots to the latest console experience

July 17th, 2019- Refactored the Lab to improve the user experience

February 12th, 2019 - Insert a warning for avoiding the user checking the wrong checkbox

December 5th, 2018 - Added a validation Lab Step to check the work you perform in the Lab

Environment before
Environment after
About the Author
Learning paths8

Matt has worked for multiple Fortune 500 companies as a DevOps Engineer and Solutions Architect. He is an AWS Certified DevOps Engineer - Professional, and an AWS Certified Solution Architect - Associate. He enjoys reading and learning new technologies.