Russ Does Tech

Building Cloud and Cybersecurity skills

Automated user migration and management of AWS Identity and Access Management (IAM) resources

In this project based on a real-world scenario, I acted as a Cloud Specialist with the mission to migrate users into AWS Identity and Access Management (IAM) in an automated way and manage AWS IAM resources.

There were 100 users in the IT department who needed to be migrated and to have MFA (multi-factor authentication) enabled on their accounts, as this is a security best practice.

To avoid repetitive and manual tasks in the AWS management console, I needed to think about automating the processes.

Using Git Bash with AWS CLI and a Shell Script, I imported employee data (from a spreadsheet that HR had provided) into AWS IAM, generating the IAM user accounts and automatically assigning them to specific IAM user groups that I had created in advance.

I then created a custom IAM policy to enforce MFA by uploading a JSON file and applying the policy to each of the IAM groups. I tested the EnforceMFA policy by confirming that user accounts that had not set up MFA were denied actions on resources within the management console. Users were only able to perform actions on resources after setting up MFA, logging out, and then logging back in using MFA.
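The workflow described above, sketched as an added example; this is not the script or the policy file used in the project. The CSV layout (`user,group`), the function names, the `DRY_RUN` and `POLICY_FILE` variables, and the policy body (modelled on the common "deny everything except MFA setup until MFA is present" pattern) are assumptions, and console password creation is left out.

```shell
#!/usr/bin/env bash
# Added example. Assumed CSV layout: header row, then "user,group" per line.
# DRY_RUN=1 (default) prints each aws command instead of executing it.
run() { if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Reject empty fields, option-like values and characters IAM names do not allow.
valid_name() { case "$1" in ''|-*|*[!A-Za-z0-9+=.@_-]*) return 1;; esac; }

migrate_users() {  # $1 = path to the CSV exported from the spreadsheet
  # tr strips the CR that Windows-exported CSVs carry; "|| [ -n ... ]" keeps a
  # final row that has no trailing newline.
  tail -n +2 "$1" | tr -d '\r' | while IFS=, read -r user group || [ -n "$user" ]; do
    if ! valid_name "$user" || ! valid_name "$group"; then
      echo "skipping invalid row: $user,$group" >&2; continue
    fi
    run aws iam create-user --user-name "$user"
    run aws iam add-user-to-group --user-name "$user" --group-name "$group"
  done
}

# Allow users to manage their own MFA device; deny everything else until the
# session is MFA-authenticated. ${aws:username} is an IAM policy variable.
mfa_policy() {
cat <<'JSON'
{
  "Version": "2012-10-17",
  "Statement": [
    { "Sid": "AllowManageOwnMFA", "Effect": "Allow",
      "Action": ["iam:CreateVirtualMFADevice", "iam:EnableMFADevice",
                 "iam:ListMFADevices", "iam:ResyncMFADevice", "iam:GetUser"],
      "Resource": ["arn:aws:iam::*:mfa/*", "arn:aws:iam::*:user/${aws:username}"] },
    { "Sid": "DenyAllExceptListedIfNoMFA", "Effect": "Deny",
      "NotAction": ["iam:CreateVirtualMFADevice", "iam:EnableMFADevice",
                    "iam:ListMFADevices", "iam:ListVirtualMFADevices",
                    "iam:ResyncMFADevice", "iam:GetUser", "sts:GetSessionToken"],
      "Resource": "*",
      "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}} }
  ]
}
JSON
}

enforce_mfa() {  # $1 = AWS account ID, remaining arguments = group names
  account="$1"; shift
  policy_file="${POLICY_FILE:-EnforceMFA.json}"
  mfa_policy > "$policy_file"
  run aws iam create-policy --policy-name EnforceMFA --policy-document "file://$policy_file"
  for g in "$@"; do
    run aws iam attach-group-policy --group-name "$g" \
      --policy-arn "arn:aws:iam::${account}:policy/EnforceMFA"
  done
}
```

Run it with the default `DRY_RUN=1` first and review the printed commands before setting `DRY_RUN=0`.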

This project was a great experience. I was able to very quickly automate the process of creating a large number of IAM resources and assigning them to groups configured with appropriate permissions. This process would be very time-consuming to execute manually, and I can see how beneficial this would be for the projects I will be working on as a Cloud Infrastructure Engineer.