Advanced Roles and Groups Management Using IAM

The hands-on lab is part of these learning paths

Solutions Architect – Professional Certification Preparation for AWS
course-steps 47 certification 6 lab-steps 19 quiz-steps 4 description 2
SysOps Administrator – Associate Certification Preparation for AWS
course-steps 35 certification 5 lab-steps 30 quiz-steps 4 description 5
Certified Developer – Associate Certification Preparation for AWS
course-steps 29 certification 5 lab-steps 22 description 2
Security - Specialty Certification Preparation for AWS
course-steps 22 certification 2 lab-steps 12 quiz-steps 5
AWS Security Services
course-steps 9 certification 2 lab-steps 4
AWS Access & Key Management Security
course-steps 6 certification 2 lab-steps 2 quiz-steps 2
more_horiz See 5 more

Lab Steps

Logging in to the Amazon Web Services Console
Creating an IAM Group
Creating an IAM User
Creating a Customer Managed Policy with Policy Generator
Attaching a Policy to Users
Creating an IAM Role
Launching EC2 Instances with IAM Profile
Connecting to a Remote Shell Using an SSH Connection
Testing IAM from an EC2 Linux Instance
Validate Advanced Roles and Groups Management Using IAM

Ready for the real environment experience?

Max Duration1h 15m
star star star star star-half


Lab Overview

AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources for your users. You can specify permissions to a single user or you can use groups to specify permissions for a collection of users, which can make those permissions easier to manage for those users. Furthermore, you can use a Role to grant authorization to AWS resources without any credentials (password or access keys) directly associated with it. In this lab, you will learn the recommended AWS security best practices.

Learning Objectives

Upon completion of this lab you will be able to:

  • Create IAM groups
  • Create IAM users
  • Work with IAM policies
  • Work with IAM roles and instance profiles

Intended Audience

This lab is meant for:

  • Those preparing to work with AWS
  • Those preparing for certification in AWS
  • Those looking to use IAM according to secure best practice


You should be familiar with:

  • AWS Management Console and AWS CLI familiarity are helpful but not required
  • Basic IAM principles are helpful but not required


July 17th, 2019- Refactored the Lab to improve the user experience

February 12th, 2019 - Insert a warning for avoiding the user checking the wrong checkbox

December 5th, 2018 - Added a validation Lab Step to check the work you perform in the Lab

Environment before
Environment after

About the Author


Paolo Latella is an AWS Community Hero, Cloud Solutions Architect and AWS Technical Trainer at XPeppers, an enterprise focused on Cloud technologies and DevOps methodologies. Paolo has more than 15 years of experience in IT and has worked on AWS technologies since 2008. Before joining XPeppers he was a Solution Architect Team Leader at Interact, an enterprise leader in Digital Media for the Cloud. There he followed the first Hybrid Cloud project for the Italian Public Sector. Paolo hosts regular meetings as the Co-Founder of AWS User Group Italia and AWS User Group Ticino. He can also be found participating at various technology conferences in Italy.