Skills Challenge: IAM Identity Center
It's time to see what you've learned, and try to build without step-by-step instructions
Step-by-step labs are great, but aren’t very challenging. One of the best ways to really imprint learning is to get practice without someone walking you through every detail. That’s where CloudSLAW Skills Challenges come into play. From time to time I’ll challenge you to achieve a specific objective one week, then follow up with the full solution a week later.
Welcome to the very first CloudSLAW Skills Challenge! This week you’ll get to push yourself a little, and try out new skills on your own. Next week I’ll post how I solved the problem, and you can see how someone with my experience approached it.
The Setup
I keep telling you that IAM is the most important facet of cloud security, so it shouldn’t surprise you that IAM is our focus.
Over the course of these labs I actually set you up for failure. What? Yep! In our work with IAM Identity Center we created a group and a permission set that, while correct, wouldn’t be how I configure things in real life.
If you go back to Creating Security Team Permissions in IAM Identity Center, we created a group for IAM Administrators and assigned it permissions to manage Identity Center, using an AWS managed policy.
Here’s the problem: that permission set/policy allows someone to run Identity Center itself, but they can’t view or create policies! I understand why some organizations might configure things like this, but personally if I am letting you administer Identity Center, I expect you to see and assign policies.
The Challenge
Let’s fix that gap. I want you to:
- Create a new policy that adds permissions to view, create, update, and delete IAM policies.
- Add it to the Identity Center permission set for IAM Administrators.
- Validate that it works.
This is straightforward, but if you haven’t worked with Identity Center on your own outside these lessons, it might take you a little longer.
Okay, have fun, try not to get too frustrated, and I’ll see you in a week!
-Rich