Lucent Grid · Cloud Labs
Initialising console environment...
Services IAM Billing
us-east-1 ▾
IAM — Identity and Access Management
IAM
📊 Dashboard
Access management
👤 Users
👥 User groups
🔑 Roles
📋 Policies
🔒 Identity providers
🔒 Account settings
Account settings
⚙ Password policy
🔐 MFA devices
🔒 Security Token Service
Reports
🔒 Access Analyzer
🔒 Archive rules
🔒 Analyzers
🔒 Settings
🔒 Credential report
🔒 Organization activity
🔒 Service control policies
🔒 Declarations
Quick links
🔒 My security credentials
🔒 My jobs queue
IAM Dashboard
Welcome to AWS Identity and Access Management
0
IAM Users
0
User Groups
Root MFA Status
Security recommendations
Address these to improve your account security posture
Enable MFA for the root account — The root account has unrestricted access.
NOT DONE
Create an IAM user — Avoid using the root account for day-to-day tasks.
NOT DONE
Set a strong password policy — Enforce minimum requirements for all users.
NOT DONE
Assign users to groups — Manage permissions via groups, not individual users.
NOT DONE
Multi-factor authentication (MFA)
Root account security
⚠ The root account does not have MFA enabled. This is a critical security risk.
Add MFA device for root account
Users
IAM users in this account
User nameGroupsLast sign-inMFA
No IAM users yet.
Click Create user to add your first user.
Create user
Step 1 of 2 — User details
💡 Best practice: Create an IAM user for day-to-day tasks. The root account should only be used for account-level operations.
User groups
Manage permissions through groups
💡 Attach permissions policies to groups, then assign users to groups. This is easier to manage than attaching policies to individual users.
Group nameUsersAttached policies
No groups yet.
Click Create group to get started.
Create user group
Attach permissions policies
Select one or more policies to attach to this group.
Policy nameTypeDescription
AdministratorAccessAWS managedProvides full access to all AWS services and resources
PowerUserAccessAWS managedFull access to services except IAM, Organizations, and Account
ReadOnlyAccessAWS managedRead-only access to all AWS services and resources
IAMFullAccessAWS managedProvides full access to IAM via the AWS Management Console
IAMReadOnlyAccessAWS managedProvides read-only access to IAM
IAMUserChangePasswordAWS managedProvides the ability for an IAM user to change their own password
AWSBillingReadOnlyAccessAWS managedProvides read-only access to billing and cost management
AmazonS3FullAccessAWS managedProvides full access to all buckets and objects in Amazon S3
AmazonS3ReadOnlyAccessAWS managedProvides read-only access to all buckets and objects in Amazon S3
AmazonEC2FullAccessAWS managedProvides full access to Amazon EC2 via the AWS Management Console
AmazonEC2ReadOnlyAccessAWS managedProvides read-only access to Amazon EC2 via the AWS Management Console
AmazonRDSFullAccessAWS managedProvides full access to Amazon RDS via the AWS Management Console
AWSLambda_FullAccessAWS managedGrants full access to AWS Lambda, and other services required for Lambda development
AmazonVPCFullAccessAWS managedProvides full access to Amazon VPC via the AWS Management Console
AWSCloudTrail_FullAccessAWS managedProvides full access to AWS CloudTrail
CloudWatchFullAccessAWS managedProvides full access to CloudWatch
AmazonDynamoDBFullAccessAWS managedProvides full access to Amazon DynamoDB
AWSCodePipeline_FullAccessAWS managedProvides full access to AWS CodePipeline and supporting services
AmazonSNSFullAccessAWS managedProvides full access to Amazon SNS
SecurityAuditAWS managedThe security audit template grants access to read security configuration metadata
Account settings
Password policy and account preferences
Password policy
Set minimum requirements for IAM user passwords in this account.
⚠ No custom password policy is set. AWS defaults apply (minimum 8 characters, no complexity requirements).
Roles
IAM roles in this account
Roles are covered in Lab 02 — IAM Roles & Instance Profiles. Come back then!
Policies
Deep-dive policy authoring is covered in Lab 03 — Writing IAM Policies.
Billing and Cost Management
Billing Preferences
Configure alerts and invoice delivery
Free Tier usage alerts
CloudWatch billing alarm
Create an alarm that emails you when estimated charges exceed a threshold.
Alert me when monthly charges exceed $ Notify:
Policy Viewer
JSON policy document — read only
🛡 IAM Console
💰 Billing
📋 Policy Viewer
0 / 5 tasks complete 0 XP
00:00:00
🎯 Lab Objectives
Enable MFA on root account
Create a billing alarm
Create an IAM user
Set account password policy
Create Admins, Developers & ReadOnly groups
📋 GUIDE
☁ AWS LAB 01
Account Setup & IAM
Step-by-step guide — open if you get stuck
Objectives
1
Enable MFA on the root account
2
Create a billing alarm
3
Create an IAM user
4
Set an account password policy
5
Create three IAM groups with policies
Task 1 — Enable MFA on Root
Step by step
1In the IAM sidebar, click MFA devices
2Enter a device name — e.g. root-mfa
3Select Authenticator app from the dropdown
4Enter any 6 digits in code field 1 and any 6 digits in code field 2
5Click Add MFA
💡 In a real AWS account, you'd scan the QR code with Google Authenticator or Authy. In this lab, any 6 digits will work.
Task 2 — Billing Alarm
Step by step
1Click Billing in the taskbar or AWS top bar
2Enter your email and set a threshold (e.g. 5 for $5)
3Click Create billing alarm
Task 3 — Create an IAM User
Step by step
1In IAM sidebar, click UsersCreate user
2Enter a username — e.g. admin-alex
3Tick Provide user access to the AWS Console
4Choose a password type and click Next
💡 The username must be at least 3 characters. Use lowercase letters and hyphens.
Task 4 — Password Policy
Step by step
1In IAM sidebar, click Account settings
2Click Edit password policy
3Check all complexity requirements and click Save changes
Task 5 — Create Groups
Step by step — repeat 3 times
1Click User groupsCreate group
2Name: Admins — Attach: AdministratorAccess
3Name: Developers — Attach: PowerUserAccess
4Name: ReadOnly — Attach: ReadOnlyAccess
⚠ You must complete all three groups to get credit for this task.
Display Mode
Colour Vision
☁️
Lab Complete!
XP Earned
You've properly secured an AWS account from scratch — securing root, creating users, setting password policy, and organising permissions through groups. This is the foundation every well-run AWS environment is built on.
MFA Root Security IAM Users Password Policy IAM Groups Managed Policies