Welcome to Day 1 of the 100 Days of Multi-Cloud with Hands-On Projects

In this first session, we’re diving into one of the most critical and foundational topics in cloud computing — AWS Identity and Access Management (IAM).
IAM is the backbone of every secure AWS environment. It controls who can access what, ensuring that every user, service, and application operates under the principle of least privilege — meaning they have only the permissions required to perform their job, nothing more.
By the end of this article (and the accompanying YouTube video), you’ll be able to create IAM users, groups, and roles just like a real cloud engineer with several years of experience. Let’s jump in and get hands-on!
🧠 What Is AWS IAM?
IAM stands for Identity and Access Management. It’s a global service that helps you manage access to your AWS resources securely. IAM lets you define who (identity) can do what (permissions) in your AWS account.
IAM provides four core identity types:
1️⃣ IAM Users
These represent real people — such as you, your teammates, or other administrators.
Use-cases:
Logging into the AWS Management Console
Using the AWS CLI or SDKs with access keys
2️⃣ IAM Groups
A collection of users who share the same permissions.
Use-cases:
Developers group
Admins group
Auditors group
Groups help you assign permissions collectively, instead of individually.
3️⃣ IAM Roles
Temporary credentials that are assumed by AWS services, external users, or even other AWS accounts.
Use-cases:
EC2 instances accessing S3 buckets
Lambda functions writing to DynamoDB
GitHub Actions deploying code to AWS
Cross-account access in multi-account setups
4️⃣ IAM Policies
JSON-based documents that define what actions are allowed or denied.
Example:
Allow S3 Read
Allow EC2 Start/Stop
Deny Delete actions
Policies can be attached to users, groups, or roles, controlling their access level precisely.
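The three example statements above, written as a policy document and run through a simplified evaluator to show that anything not allowed is denied by default and that a matching Deny overrides any Allow. This is an added example, not code from the article or its repository; the policy contents, the `BROAD` policy and the `evaluate` helper are constructed for illustration, and the evaluator checks only `Action` (it ignores `Resource`, `Condition`, and other policy types).

```python
import fnmatch
import json

# Constructed policy mirroring the three example statements above.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AllowS3Read", "Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "*"},
    {"Sid": "AllowEc2StartStop", "Effect": "Allow",
     "Action": ["ec2:StartInstances", "ec2:StopInstances"], "Resource": "*"},
    {"Sid": "DenyDeletes", "Effect": "Deny",
     "Action": ["s3:Delete*", "ec2:Delete*"], "Resource": "*"}
  ]
}
""")

# A second, over-broad policy (constructed), as might be attached later by mistake.
BROAD = {"Version": "2012-10-17",
         "Statement": {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}}


def _as_list(value):
    # Policy JSON allows a single item or a list in these fields.
    return value if isinstance(value, list) else [value]


def _matches(statement, action):
    # IAM action names are case-insensitive and may contain * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), pattern.lower())
               for pattern in _as_list(statement["Action"]))


def evaluate(policies, action):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one action name."""
    decision = "ImplicitDeny"          # nothing is allowed by default
    for policy in policies:
        for statement in _as_list(policy["Statement"]):
            if not _matches(statement, action):
                continue
            if statement["Effect"] == "Deny":
                return "ExplicitDeny"  # a matching Deny always wins
            decision = "Allow"
    return decision


if __name__ == "__main__":
    for name in ["s3:GetObject", "ec2:StopInstances", "s3:PutObject", "s3:DeleteObject"]:
        print(f"{name:20} {evaluate([POLICY], name):13} {evaluate([POLICY, BROAD], name)}")
```

With `BROAD` attached as well, `s3:PutObject` becomes allowed but `s3:DeleteObject` stays denied, which is why an explicit Deny is a useful guard against later over-permissive grants.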
🔐 AWS IAM Best Practices
These are real-world security principles followed by professional cloud engineers:
✔ Use groups to manage permissions collectively.
✔ Enable Multi-Factor Authentication (MFA) for all users.
✔ Never use the root user for daily tasks.
✔ Always follow the principle of least privilege.
✔ Rotate access keys regularly.
✔ Use IAM Roles for applications and AWS services.
✔ Apply permissions boundaries to restrict administrative access.
Following these ensures your AWS environment remains both functional and secure.
🛠️ Hands-On Project: AWS IAM Setup
Let’s go step-by-step and actually build it.
STEP 1 — Create a Group
Open AWS Console → IAM
Navigate to User groups → Create group
Name it:
Developers
Attach the policy: AmazonS3ReadOnlyAccess
Click Create group
💬 Explanation:
All users in the Developers group can now read S3 buckets — nothing more.
STEP 2 — Create a User
Go to IAM → Users → Create user
Enter username:
john.developer
Select: ☑ Console access
Set a password
Add the user to the Developers group
Click Create user
💬 Explanation:
The user automatically inherits all group permissions (S3 ReadOnly).
STEP 3 — Enable MFA (Recommended)
Go to the created user → Security credentials
Assign MFA → Virtual MFA device
Use the Google Authenticator App
💬 Explanation:
MFA improves security by 99% against unauthorized logins.
STEP 4 — Create IAM Role (For EC2)
IAM → Roles → Create role
Select AWS Service → EC2
Attach policy: AmazonS3ReadOnlyAccess
Name it:
EC2-S3ReadRole
Click Create role
💬 Explanation:
This role lets EC2 instances access S3 without storing access keys — much safer.
STEP 5 — Attach Role to EC2 Instance
Go to EC2 → Instances
Select your instance → Actions → Security → Modify IAM role
Choose:
EC2-S3ReadRole
💬 Explanation:
Now your EC2 instance has temporary, secure AWS credentials to access S3.
🎉 Day 1 Project Completed!
You’ve successfully learned and implemented:
✔ IAM User Creation
✔ Group & Policy Permissions
✔ MFA Configuration
✔ Role Creation
✔ EC2 Role Assignment
This is exactly how a Cloud Engineer manages access in a real AWS environment.
🔗 Resources & Links
📺 Watch the full hands-on video on YouTube: https://youtu.be/TVPwoVW4wys?si=0as8q8j4OquA40r0
💻 GitHub Repository for project code: https://github.com/Consultantsrihari/100-days-multicloud-with-12projects
🌐 Connect on LinkedIn: https://www.linkedin.com/in/venkatasrihari/
🏁 Conclusion
AWS IAM is the foundation of every cloud journey. Whether you’re learning AWS, Azure, or GCP, understanding IAM principles sets you up for success.
This is Day 1 of 100 Days of Multi-Cloud — and you’ve already built your first secure setup.
Next up, we’ll explore more hands-on projects that make you job-ready as a Multi-Cloud Engineer.
Stay tuned, and don’t forget to subscribe to the YouTube channel to continue your journey. 🚀
For more interview questions and answers, open-source projects, and DevOps and cloud projects, stay tuned to the TechCareerHubs official website.






