1
00:00:00,150 --> 00:00:03,350
Okay, so let's explore the IAM console.

2
00:00:03,350 --> 00:00:04,810
So for this, I'm going to type "IAM"

3
00:00:04,810 --> 00:00:07,420
and then this will take me straight to a console

4
00:00:07,420 --> 00:00:09,610
of an AWS service called IAM.

5
00:00:09,610 --> 00:00:10,680
So the first thing we notice,

6
00:00:10,680 --> 00:00:13,620
is that on the top right corner, under "Global",

7
00:00:13,620 --> 00:00:16,560
it says that IAM does not require region selection.

8
00:00:16,560 --> 00:00:19,460
What this means is that IAM is a global service,

9
00:00:19,460 --> 00:00:22,570
whereas many other AWS services will be regional services

10
00:00:22,570 --> 00:00:24,280
and there will be a region selection.

11
00:00:24,280 --> 00:00:27,290
But for IAM, users and groups are created

12
00:00:27,290 --> 00:00:28,880
in a global fashion.

13
00:00:28,880 --> 00:00:31,030
Okay. So we are in the IAM dashboard.

14
00:00:31,030 --> 00:00:35,020
And the first thing we want to do is to create an IAM user.

15
00:00:35,020 --> 00:00:39,010
So I'm going to go under "Users" and click on "Add users".

16
00:00:39,010 --> 00:00:40,620
So why do we want to create a user?

17
00:00:40,620 --> 00:00:41,560
Well, as we can see,

18
00:00:41,560 --> 00:00:44,430
if you click on the account name right here,

19
00:00:44,430 --> 00:00:46,050
we are using the root user.

20
00:00:46,050 --> 00:00:48,030
The root user has all the permissions

21
00:00:48,030 --> 00:00:49,780
you want in your account, okay?

22
00:00:49,780 --> 00:00:51,220
It can do anything you want.

23
00:00:51,220 --> 00:00:54,010
But therefore it's a very dangerous account to use.

24
00:00:54,010 --> 00:00:57,010
The better way is to create an administrator account

25
00:00:57,010 --> 00:00:58,480
that we're going to create right now.

26
00:00:58,480 --> 00:01:00,880
And this admin account will be able to do everything

27
00:01:00,880 --> 00:01:02,690
the root account does or almost,

28
00:01:02,690 --> 00:01:04,849
and we will let the root go.

29
00:01:04,849 --> 00:01:06,400
And we use the root account

30
00:01:06,400 --> 00:01:08,140
only if we really, really ever need to.

31
00:01:08,140 --> 00:01:11,060
This is from a security perspective, the best setup.

32
00:01:11,060 --> 00:01:13,960
So as we can see, we're going to create a username

33
00:01:13,960 --> 00:01:15,860
and that one is going to be "stephane".

34
00:01:15,860 --> 00:01:18,500
And then we need to select the credential type.

35
00:01:18,500 --> 00:01:20,980
So we'll enable the password type of credential

36
00:01:20,980 --> 00:01:23,410
and we can autogenerate it or create a custom password.

37
00:01:23,410 --> 00:01:24,950
And because this is my own account,

38
00:01:24,950 --> 00:01:27,600
I can just set a custom password and be done with it.

39
00:01:27,600 --> 00:01:29,240
So we don't require a password reset,

40
00:01:29,240 --> 00:01:31,290
and then we click on "Next: Permissions".

41
00:01:32,160 --> 00:01:33,270
I will not save this.

42
00:01:33,270 --> 00:01:35,270
Now, we need to add the user into a group.

43
00:01:35,270 --> 00:01:36,980
So we're going to create a group.

44
00:01:36,980 --> 00:01:39,270
And this group is going to be called "admin".

45
00:01:39,270 --> 00:01:42,000
Now, any user placed within the group "admin",

46
00:01:42,000 --> 00:01:45,470
will inherit the permissions associated with that group.

47
00:01:45,470 --> 00:01:48,220
And so permissions are defined through policies.

48
00:01:48,220 --> 00:01:50,030
And the one policy we're going to attach

49
00:01:50,030 --> 00:01:53,240
to the "admin" group is called "AdministratorAccess".

50
00:01:53,240 --> 00:01:55,680
So this policy will allow any account under this group

51
00:01:55,680 --> 00:01:57,900
to be an administrator of your account.

52
00:01:57,900 --> 00:02:00,240
So let's go ahead and create this group.

53
00:02:00,240 --> 00:02:01,790
And next, click on "Tags".

54
00:02:01,790 --> 00:02:05,590
So in AWS, you will find tags pretty much everywhere.

55
00:02:05,590 --> 00:02:08,180
And they're just information that can help you track,

56
00:02:08,180 --> 00:02:10,500
organize or control access for users.

57
00:02:10,500 --> 00:02:12,720
And so we're not going to create tags everywhere

58
00:02:12,720 --> 00:02:14,330
for our course, okay?

59
00:02:14,330 --> 00:02:17,290
But what I can show you is how to create a tag for our user.

60
00:02:17,290 --> 00:02:19,020
And this is just information you want to add

61
00:02:19,020 --> 00:02:21,050
regarding that specific user, okay?

62
00:02:21,050 --> 00:02:25,150
So for example, I can say that the "Department" of my user

63
00:02:26,120 --> 00:02:27,800
is "Engineering".

64
00:02:27,800 --> 00:02:30,610
And you can have any tags you want on many resources in AWS.

65
00:02:30,610 --> 00:02:32,770
I'm just showing you how to do it once.

66
00:02:32,770 --> 00:02:33,930
Now, let's click on "Review".

67
00:02:33,930 --> 00:02:36,010
So we've created a username "stephane",

68
00:02:36,010 --> 00:02:38,770
with password access to the Management Console.

69
00:02:38,770 --> 00:02:41,830
And then the group it belongs to, is the "admin" group.

70
00:02:41,830 --> 00:02:44,450
And the tags is "Department: Engineering".

71
00:02:44,450 --> 00:02:46,393
So let's go ahead and create this user.

72
00:02:47,320 --> 00:02:48,310
And now the user is created.

73
00:02:48,310 --> 00:02:51,040
So before we go there, you need to download the .csv

74
00:02:51,040 --> 00:02:53,270
especially if you autogenerated a password.

75
00:02:53,270 --> 00:02:55,000
So this "Download .csv"

76
00:02:55,000 --> 00:02:58,300
will have the credentials of your users contained within it.

77
00:02:58,300 --> 00:03:00,470
And you can also email login instructions

78
00:03:00,470 --> 00:03:02,950
to a specific email if you're creating a user

79
00:03:02,950 --> 00:03:04,670
for someone else.

80
00:03:04,670 --> 00:03:06,770
But this is our own user, so we are good to go.

81
00:03:06,770 --> 00:03:10,110
So we'll close this and now let's explore

82
00:03:10,110 --> 00:03:10,943
what we have created.

83
00:03:10,943 --> 00:03:14,650
So under "User groups", I will find the group "admin".

84
00:03:14,650 --> 00:03:15,483
And if I click on it,

85
00:03:15,483 --> 00:03:17,550
I can see that there's one user in this group,

86
00:03:17,550 --> 00:03:19,510
which is the "stephane" user.

87
00:03:19,510 --> 00:03:22,140
And if I look at the group permissions, as we can see,

88
00:03:22,140 --> 00:03:23,810
there's a policy name attached to the group,

89
00:03:23,810 --> 00:03:25,660
which is the "AdministratorAccess",

90
00:03:25,660 --> 00:03:28,080
which provides full admin access to any users

91
00:03:28,080 --> 00:03:29,120
within the group.

92
00:03:29,120 --> 00:03:32,620
And so if we go and click on the user "stephane".

93
00:03:32,620 --> 00:03:33,453
So this is a user.

94
00:03:33,453 --> 00:03:36,400
You can also get back from this menu on the left-hand side

95
00:03:36,400 --> 00:03:38,560
and just click on "Users > stephane".

96
00:03:38,560 --> 00:03:39,600
Okay.

97
00:03:39,600 --> 00:03:41,670
So if you click on the user "stephane" back to it.

98
00:03:41,670 --> 00:03:42,860
Okay, great.

99
00:03:42,860 --> 00:03:45,440
We have these permissions and the permissions

100
00:03:45,440 --> 00:03:48,040
associated with my user is "AdministratorAccess".

101
00:03:48,040 --> 00:03:50,710
And this is a managed policy that we inherited

102
00:03:50,710 --> 00:03:53,200
from the group admin, okay?

103
00:03:53,200 --> 00:03:56,163
So we have our users and we have our groups.

104
00:03:57,130 --> 00:03:58,960
And now we're going to see how to log in

105
00:03:58,960 --> 00:04:00,860
with that user, "stephane".

106
00:04:00,860 --> 00:04:03,390
So to do so let's go back into the dashboard.

107
00:04:03,390 --> 00:04:04,860
And on the right-hand side of the dashboard,

108
00:04:04,860 --> 00:04:07,120
we have some summary about our AWS account.

109
00:04:07,120 --> 00:04:08,800
So the account ID is right here,

110
00:04:08,800 --> 00:04:10,810
which you can also get to by opening this panel.

111
00:04:10,810 --> 00:04:14,370
So this is the same account ID here, and here.

112
00:04:14,370 --> 00:04:17,470
And the account alias is what you can set

113
00:04:17,470 --> 00:04:18,990
to log in to your account faster,

114
00:04:18,990 --> 00:04:21,750
because remembering numbers sometimes is difficult.

115
00:04:21,750 --> 00:04:23,640
So you can create an account alias,

116
00:04:23,640 --> 00:04:25,550
and you just have to specify an alias that you like.

117
00:04:25,550 --> 00:04:28,490
For example, "stephane-aws-v2".

118
00:04:28,490 --> 00:04:29,440
And click on "Save changes".

119
00:04:29,440 --> 00:04:31,650
Now, this is a unique alias for my account.

120
00:04:31,650 --> 00:04:32,670
You're not going to be able to-

121
00:04:32,670 --> 00:04:34,033
You're not going to be able to use this account,

122
00:04:34,033 --> 00:04:36,670
this alias for your account, but you can create your own.

123
00:04:36,670 --> 00:04:39,760
And now we have a sign-in URL on the right-hand side

124
00:04:39,760 --> 00:04:41,930
that is customized for my alias.

125
00:04:41,930 --> 00:04:44,660
So if I click on "Copy this URL",

126
00:04:44,660 --> 00:04:46,260
I need to open it in a new tab,

127
00:04:46,260 --> 00:04:50,680
but it must be an incognito tab or a different web browser.

128
00:04:50,680 --> 00:04:53,380
So here I've opened a private window in Firefox,

129
00:04:53,380 --> 00:04:55,250
which is going to be a different session.

130
00:04:55,250 --> 00:04:57,230
And so therefore I can copy the sign-in URL

131
00:04:57,230 --> 00:04:59,750
and paste it here and press enter.

132
00:04:59,750 --> 00:05:02,417
Now we are taken again to the login page of AWS.

133
00:05:03,260 --> 00:05:05,720
And as we can see, we have three fields.

134
00:05:05,720 --> 00:05:09,040
We have the "Account ID", the "IAM user name"

135
00:05:09,040 --> 00:05:10,700
and the password.

136
00:05:10,700 --> 00:05:14,790
So what's happening here, is that we, using this URL,

137
00:05:14,790 --> 00:05:17,800
are taken to a sign-in page as an IAM user.

138
00:05:17,800 --> 00:05:18,680
And how do we know this?

139
00:05:18,680 --> 00:05:20,840
How can we get back to this page if we wanted to?

140
00:05:20,840 --> 00:05:22,960
Well, when we went into the "Sign in", we had two options,

141
00:05:22,960 --> 00:05:25,890
either "Root user", which will log you in as a root user,

142
00:05:25,890 --> 00:05:28,170
or "IAM user", in which case you just need

143
00:05:28,170 --> 00:05:31,040
to enter the account ID or the account alias

144
00:05:31,040 --> 00:05:32,320
and then click on "Next",

145
00:05:32,320 --> 00:05:34,700
which will take you into the page that we had from before,

146
00:05:34,700 --> 00:05:37,873
which was this page right here.

147
00:05:39,030 --> 00:05:40,570
So now in this page, what I need to do

148
00:05:40,570 --> 00:05:42,690
is to enter my IAM username and the password

149
00:05:42,690 --> 00:05:44,290
that I just created.

150
00:05:44,290 --> 00:05:45,887
And then click on "Sign in".

151
00:05:46,750 --> 00:05:50,390
And we are now logged in as an IAM user in the console.

152
00:05:50,390 --> 00:05:51,580
So how do we know this?

153
00:05:51,580 --> 00:05:53,330
Well, if you're logged in as your user,

154
00:05:53,330 --> 00:05:54,810
as you can see when you click on the account,

155
00:05:54,810 --> 00:05:56,510
it says "My Account" and the account number.

156
00:05:56,510 --> 00:05:57,810
This is a root user.

157
00:05:57,810 --> 00:05:58,990
But if we go on the right-hand side,

158
00:05:58,990 --> 00:06:01,360
we can see that there's "stephane @"

159
00:06:01,360 --> 00:06:02,750
and then the account alias.

160
00:06:02,750 --> 00:06:04,370
And so what we can see is that "stephane"

161
00:06:04,370 --> 00:06:07,710
is the IAM user "stephane", and then "My Account"

162
00:06:07,710 --> 00:06:08,660
and the account number.

163
00:06:08,660 --> 00:06:09,680
So we know on the right-hand side,

164
00:06:09,680 --> 00:06:11,530
that we're logged in as an IAM user.

165
00:06:11,530 --> 00:06:13,970
Now this IAM user can do pretty much anything

166
00:06:13,970 --> 00:06:16,120
that the other user was able to do, the root user,

167
00:06:16,120 --> 00:06:18,030
because they're both admins, okay?

168
00:06:18,030 --> 00:06:20,280
But from a course perspective, it's better

169
00:06:20,280 --> 00:06:23,700
if you use an IAM user, than using the root account.

170
00:06:23,700 --> 00:06:25,627
Now you will see in some videos, I have the root user,

171
00:06:25,627 --> 00:06:27,470
and some videos, I have the IAM user.

172
00:06:27,470 --> 00:06:29,540
It doesn't really matter from the course perspective, okay?

173
00:06:29,540 --> 00:06:32,550
So I will use them as I please.

174
00:06:32,550 --> 00:06:33,950
But if I need to-

175
00:06:33,950 --> 00:06:36,660
If I need to use the root user specifically,

176
00:06:36,660 --> 00:06:37,620
I will let you know.

177
00:06:37,620 --> 00:06:39,540
Or if I need to use an IAM user specifically,

178
00:06:39,540 --> 00:06:41,110
I will let you know as well, okay?

179
00:06:41,110 --> 00:06:42,730
But just so you know, to keep on doing this section,

180
00:06:42,730 --> 00:06:44,320
please have the root account,

181
00:06:44,320 --> 00:06:47,310
as well as your IAM user ready and available.

182
00:06:47,310 --> 00:06:49,150
So that's it for this lecture. I hope you liked it.

183
00:06:49,150 --> 00:06:51,100
And I will see you in the next lecture.