AWS Well-Architected Labs > Security > 200 Level Intermediate Labs > Automated Deployment of IAM Groups and Roles

Automated Deployment of IAM Groups and Roles

Last Updated: September 2020

Author: Ben Potter, Security Lead, Well-Architected

Introduction

This hands-on lab will guide you through how to use AWS CloudFormation to automatically configure AWS Identity and Access Management (IAM) Groups and roles for cross-account access. You will use the AWS Management Console and AWS CloudFormation to guide you through how to automate the configuration of a new or existing AWS account with IAM best practices. The skills you learn will help you secure your workloads in alignment with the AWS Well-Architected Framework.

Goals

Fine-grained authorization
Automate security best practices

Prerequisites

An AWS account that you are able to use for testing.
Permissions to create resources in IAM.

Costs

There are no costs for this lab
AWS Pricing

Steps:

AWS CloudFormation to Create Groups, Policies and Roles with MFA Enforced
Assume Roles from an IAM user
Tear down