Home>
Cloud Labs>

Using AWS IAM Access Analyzer

Using AWS IAM Access Analyzer
Using AWS IAM Access Analyzer

CLOUD LABS

Using AWS IAM Access Analyzer

In this hands-on Cloud Lab, you’ll use IAM Access Analyzer to identify resources with overly permissive policies that allow access to external entities. Using this service, you’ll also generate a fine-grained policy for an IAM user.

9 Tasks

intermediate

2hr

Certificate of Completion

Desktop OnlyDevice is not compatible.
No Setup Required
Amazon Web Services

Learning Objectives

A thorough understanding of IAM Access Analyzer and its different features
An understanding of Access Analyzer findings and how to use them to create archive rules
The ability to generate fine-grained policies using IAM Access Analyzer
Hands-on experience creating trails for an IAM user with CloudTrail
Technologies
AWS logoAWS
Access Analyzer
IAM logoIAM
SNS logoSNS
CloudTrail
EventBridge logoEventBridge
S3 logoS3
Lambda logoLambda
Cloud Lab Overview

IAM Access Analyzer helps identify resources in your account that give access to external entities by analyzing the policies attached to the resources it supports, such as SNS topics and Lambda functions. IAM Access Analyzer can also generate fine-grained policies based on the actions taken by an IAM entity.

In this CloudLab, you’ll first enable Access Analyzer for your account, create resources such as an S3 bucket, SNS topic, and a Lambda function, and then attach some overly permissive policies to them. Next, you will observe the findings generated by Access Analyzer and create archive rules based on them. You’ll also update the overly permissive policies created earlier and rescan the findings in Access Analyzer. Next, you’ll create an IAM user and attach an overly permissive policy. Further, you’ll use the newly created user to create an S3 bucket to generate some events in CloudTrail and use Access Analyzer to generate a fine-grained policy for your IAM user.

After completing this Cloud Lab, you’ll understand how IAM Access Analyzer works, create archive rules based on the findings provided by Access Analyzer, and generate policies for IAM entities using IAM Access Analyzer.

Following is a high-level architecture diagram for this Cloud Lab:

Architecture diagram
Architecture diagram

Cloud Lab Tasks
1.Introduction
Getting Started
2.Detect Overly Permissive Policies with Access Analyzer
Enable the IAM Access Analyzer
Provision Other Resources with Permissive Policies
Create Analyzer Rules
Update Resource-Based Policies
3.Generate Policies Using Access Analyzer
Create a User and a Trail
Generate a Policy
4.Conclusion
Clean Up
Wrap Up
Labs Rules Apply
Stay within resource usage requirements.
Do not engage in cryptocurrency mining.
Do not engage in or encourage activity that is illegal.

Before you start...

Try these optional labs before starting this lab.

Cloud Lab Cover

Cloud Lab

Securing AWS Resources: Managing Access with IAM

9
beginner
1hr 30m
Cloud Lab Cover

Cloud Lab

Understanding AWS Security and Management—From Zero to Hero

12
beginner
2hr 30m

Relevant Courses

Use the following content to review prerequisites or explore specific concepts in detail.

Trusted by 1.4 million developers working at companies including

Don’t take our word for it. See what our developers have to say.

Your method is simple, straight to the point and I can practice with it everywhere, even from my phone, that's something I have never had in other learning platforms.

Felipe Matheus
Software Engineer
TestimonialsImg

I highly recommend Educative. The courses are well organized and easy to understand.

Adina Ong
Senior Engineering Manager
TestimonialsImg

I prefer Educative courses because they have a nice mix of text & images. I find that with full video courses, it can often be too easy to go into passive learning mode.

Clifford Fajardo
Senior Software Engineer
TestimonialsImg

I prefer Educative courses because they have a nice mix of text & images. I find that with full video courses, it can often be too easy to go into passive learning mode.

Clifford Fajardo
Senior Software Engineer
TestimonialsImg
Don’t take our word for it. See what our developers have to say.

Your method is simple, straight to the point and I can practice with it everywhere, even from my phone, that's something I have never had in other learning platforms.

Felipe Matheus
Software Engineer
TestimonialsImg

I highly recommend Educative. The courses are well organized and easy to understand.

Adina Ong
Senior Engineering Manager
TestimonialsImg

I prefer Educative courses because they have a nice mix of text & images. I find that with full video courses, it can often be too easy to go into passive learning mode.

Clifford Fajardo
Senior Software Engineer
TestimonialsImg

Get access to Educative Cloud Labs

Course Footer Image
Course Footer Image

Learn in-demand tech skills in half the time

PRODUCTS

Mock Interview

New

Courses

Skill Paths

Projects

Assessments

TRENDING TOPICS

Learn to Code

Tech Interview Prep

Generative AI

Data Science

Machine Learning

GitHub Students Scholarship

Early Access Courses

Blind 75

Pricing

For Individuals

Try for Free

Gift a Subscription

CONTRIBUTE

Become an Author

Become an Affiliate

Earn Referral Credits

RESOURCES

Blog

Cheatsheets

Webinars

Answers

ABOUT US

Our Team

Careers

Hiring

Frequently Asked Questions

Contact Us

Press

LEGAL

Privacy Policy

Cookie Policy

Terms of Service

Business Terms of Service

Data Processing Agreement

INTERVIEW PREP COURSES

Grokking the Modern System Design Interview

Grokking the Product Architecture Design Interview

Grokking the Coding Interview Patterns

Machine Learning System Design

Tiktok Streamline Icon: https://streamlinehq.com

Copyright ©2024 Educative, Inc. All rights reserved.

soc2