Skills Challenge: IAM Identity Center

Welcome to the very first CloudSLAW Skills Challenge! This week you’ll get to push yourself a little, and try out new skills on your own. Next week I’ll post how I solved the problem, and you can see how someone with my experience approached it.

The Setup

I keep telling you that IAM is the most important facet of cloud security, so it shouldn’t surprise you that IAM is our focus.

Over the course of these labs I actually set you up for failure. What? Yep! In our work with IAM Identity Center we created a group and a permission set that, while correct, wouldn’t be how I configure things in real life.

If you go back to Creating Security Team Permissions in IAM Identity Center, we created a group for IAM Administrators and assigned it permissions to manage Identity Center, using an AWS managed policy.

Here’s the problem: that permission set/policy allows someone to run Identity Center itself, but they can’t view or create policies! I understand why some organizations might configure things like this, but personally if I am letting you administer Identity Center, I expect you to see and assign policies.

The Challenge

Let’s fix that gap. I want you to:

• Create a new policy that adds permissions to view, create, update, and delete IAM policies.

• Add it to the Identity Center permission set for IAM Administrators.

• Validate that it works.

This is straightforward, but if you haven’t worked with Identity Center on your own outside these lessons, it might take you a little longer.

Okay, have fun, try not to get too frustrated, and I’ll see you in a week!

-Rich