During Day 17 of the KodeKloud 100 Days of Cloud Challenge, I worked with another important IAM feature in AWS: IAM Groups.

In the previous lab, I created an IAM user. However, managing permissions individually for every user can become difficult as the number of users grows. AWS IAM Groups help solve this problem by allowing multiple users to be managed together and assigned permissions as a group.

In this lab, the objective was to create an IAM group named iamgroup_kirsty.

What is an IAM Group?

An IAM Group is a collection of IAM users.

Instead of attaching permissions to each user separately, permissions can be assigned to a group, and all users within that group inherit those permissions automatically.

IAM Groups are commonly used to organize users based on their roles, such as:

• Developers

• DevOps Engineers

• Database Administrators

• Security Teams

• Read-Only Users

This makes permission management much easier in larger AWS environments.

Lab Objective

The requirement for this task was straightforward:

• Create an IAM group named iamgroup_kirsty

Steps Performed

Step 1: Open the IAM Console

I logged in to the AWS Management Console and searched for IAM.

From the AWS services menu, I opened the IAM Dashboard.

Step 2: Navigate to User Groups

From the left navigation menu, I selected:

IAM → User Groups

This section displays all existing IAM groups within the AWS account.

Step 3: Create the IAM Group

I clicked on Create Group and entered the following details:

For this lab, no policies needed to be attached. After reviewing the information, I created the group.

Step 4: Verify Group Creation

After the group was created, I checked the User Groups section and confirmed that iamgroup_kirsty appeared in the list.

This verified that the task had been completed successfully.

What I Learned

This lab helped me understand why IAM Groups are useful when managing multiple users.

Creating a group may seem like a small task, but it becomes extremely valuable when an organization has dozens or even hundreds of users. Instead of updating permissions user by user, administrators can manage permissions at the group level.

This approach reduces operational effort and helps maintain consistent access control across teams.

Real-World Usage

In production AWS environments, IAM Groups are commonly used to organize users based on their job responsibilities.

For example:

• Developers may belong to a Developer Group

• DevOps Engineers may belong to a DevOps Group

• Auditors may belong to a ReadOnly Group

Permissions are assigned to the group, and every member automatically receives the appropriate access level.

This approach follows AWS security best practices and simplifies user management.

Conclusion

Day 17 introduced IAM Groups, an important feature for managing user permissions efficiently in AWS.

While the task only involved creating a single group, it demonstrated how AWS helps organizations scale access management as teams grow. Understanding IAM users and groups is a key step toward building secure and well-organized AWS environments.

As I continue the KodeKloud 100 Days of Cloud Challenge, I am gaining hands-on experience with the core AWS services that are used daily in real-world cloud infrastructure.

Whenever we create infrastructure in AWS, managing access becomes a critical task. Instead of sharing the root account with everyone, AWS provides IAM to create users and control what actions they can perform.

In this lab, the objective was simple: create a new IAM user named iamuser_james.

What is AWS IAM?

AWS Identity and Access Management (IAM) is a service that helps manage access to AWS resources securely.

Using IAM, we can:

• Create users for different team members

• Assign permissions through policies

• Organize users into groups

• Create roles for services and applications

• Follow security best practices by avoiding root account usage

One thing I have noticed while learning AWS is that IAM is usually one of the first services configured in a new AWS account because every other service depends on proper access control.

Lab Objective

The requirement for this task was straightforward:

• Create an IAM user named iamuser_james

Steps Performed

Step 1: Open the IAM Console

I logged in to the AWS Management Console and searched for IAM.

From the AWS services menu, I opened the IAM Dashboard.

Step 2: Navigate to Users

From the left navigation menu, I selected:

IAM → Users

This section displays all IAM users available in the account.

Step 3: Create the IAM User

I clicked on Create User and entered the following details:

After reviewing the information, I proceeded with the user creation process.

Step 4: Verify User Creation

Once the user was created, I verified that iamuser_james appeared in the Users list.

This confirmed that the task was completed successfully.

What I Learned

Although this was a simple task, it reinforced an important AWS concept.

Instead of using the root account for daily operations, IAM users should be created for individuals who need access to AWS resources.

In real-world environments, IAM users are typically assigned permissions through IAM Groups and Policies, ensuring that users only have access to the resources they actually need.

Real-World Usage

In production environments, organizations often have multiple developers, DevOps engineers, and administrators working within the same AWS account.

IAM helps enforce the principle of least privilege, where each user receives only the permissions required to perform their job.

This improves security and reduces the risk of accidental changes.

Conclusion

Day 16 introduced another foundational AWS concept through IAM user management.

While creating an IAM user may seem like a small task, it is one of the building blocks of AWS security. Understanding IAM is essential because every AWS service relies on proper authentication and authorization.

As I continue the KodeKloud 100 Days of Cloud Challenge, I am gaining practical experience with the services that form the foundation of cloud infrastructure.

During Day 15 of the KodeKloud 100 Days of Cloud Challenge, I have done some work in creating Amazon EBS snapshot. It is one of the ways that snapshots can be created in AWS for backing up EBS volumes and recovering data in cases of data loss through deletion, corruption, or failure of infrastructures.

This lab aims at creating a snapshot of an already existing EBS volume known as xfusion-vol within us-east-1 region.

What is an Amazon EBS Snapshot?

Amazon EBS Snapshot is a backup of an EBS volume that exists in Amazon S3. Amazon EBS Snapshots can be used for:

• Backing up important data

• Restoring deleted volumes

• Creating new volumes out of existing data

• Disaster Recovery strategies

• Automation of the process of backup

Lab Objective

The requirements of this task were:

• Creation of a snapshot of the existing EBS volume xfusion-vol

• Name of the snapshot is xfusion-vol-ss

• Description of the snapshot is xfusion Snapshot

• Ensure the status of the snapshot is Completed

Steps Performed

Step 1: Navigate to the EC2 Dashboard

I opened the AWS Management Console and selected the us-east-1 region.

Step 2: Locate the EBS Volume

From the EC2 console:

EC2 → Elastic Block Store → Volumes

I searched for the volume named: xfusion-vol

Step 3: Create the Snapshot

I selected the volume and clicked:

Actions → Create Snapshot

Then I entered:

After verifying the details, I created the snapshot.

Step 4: Verify Snapshot Creation

I navigated to:

EC2 → Snapshots

and monitored the snapshot status.

Initially the status showed:

Pending

After a short period, it changed to:

Completed

which confirmed that the snapshot was successfully created.

Conclusion

Day 15 introduced a fundamental AWS backup concept through Amazon EBS Snapshots. Although creating a snapshot is a simple task, it plays a critical role in protecting data and enabling recovery in real-world cloud environments.

As I continue the KodeKloud 100 Days of Cloud Challenge, I am gaining hands-on experience with core AWS services and operational best practices.

1. Delete the ec2 instance named xfusion-ec2 present in us-east-1 region.

1. Before submitting your task, make sure instance is in terminated state

Thankyou !!!!!!!!!!!!!!

For this task, create an AMI from an existing EC2 instance named devops-ec2 with the following requirement:

• Name of the AMI should be devops-ec2-ami, make sure AMI is in available state.

  

Thankyou !!!!!!!!!!

An instance named xfusion-ec2 and a volume named xfusion-volume already exists in us-east-1 region. Attach the xfusion-volume volume to the xfusion-ec2 instance, make sure to set the device name to /dev/sdb while attaching the volume.

Steps:

1. Go to ec2 instance and follow below steps

1. Attach volume

Thankyou !!!!!!!!!!

An instance named nautilus-ec2 and an elastic network interface named nautilus-eni already exists in us-east-1 region.

• Attach the nautilus-eni network interface to the nautilus-ec2 instance.

  

• Make sure status is attached before submitting the task.

  

Please make sure instance initialisation has been completed before submitting this task.

Thankyou !!!!!!!!!!!

There is an instance named datacenter-ec2 and an elastic-ip named datacenter-ec2-eip in us-east-1 region. Attach the datacenter-ec2-eip elastic-ip to the datacenter-ec2 instance.

Steps:

1. Go to ec2 instance and follow below steps

1. Select ec2 instance and private ip

Thankyou !!!!!!!!!!

An instance named nautilus-ec2 already exists in us-east-1 region. Enable termination protection for the same.

Steps:

1. Go into ec2 instance and follow below steps

1. Click on enable

Thankyou !!!!!!!!!!!!

There is an EC2 instance named nautilus-ec2 under us-east-1 region, enable the stop protection for this instance.

Steps:

1. Go to instance and follow below steps

1. Click on Enable and save

Thankyou !!!!!!!!!!!!

1. Change the instance type from t2.micro to t2.nano for datacenter-ec2 instance.

1. Make sure the ec2 instance datacenter-ec2 is in running state after the change.

Thankyou !!!!!!!!!!

For this task, create an EC2 instance with following requirements:

1. The name of the instance must be xfusion-ec2.

1. You can use the Amazon Linux AMI to launch this instance.

1. The Instance type must be t2.micro.

1. Create a new RSA key pair named xfusion-kp.

1. Attach the default (available by default) security group.

Thankyou !!!!!!!!!!!

Create a volume with the following requirements:

• Name of the volume should be devops-volume.

• Volume type must be gp3.

Volume size must be 2 GiB

Thankyou !!!!!!!!!!!!!!

1.First Create S3 Bucket

2.Then create i am role permission

3.Create ec2 instance and attach i am permission

4.Connect With Ec2 instance and run python script That's all

So motive of this project is We can access s3 bucket from ec2 instance without login any aws sdk or amazon login or any amazon accesss key(we can make access key from account then in ec2 we will use aws config and use our access key then we can acess s3)

Step 1: Create an S3 Bucket

1. Go to AWS Console

2. Open S3

3. Click Create Bucket

1. Give unique name (example: anand-raval-bucket) in below ss i used anand-bucket but later i released that's not available that's why i used anand-raval-bucket

1. Click on Creat Bucket

1. Upload File i.e. anand-raval.txt in bucket

2. Add some text inside (i added text nothing)

Step 2: Create IAM Role for EC2

1. Go to IAM

2. Click on Roles

1. Click on Create Role

1. Choose Aws Service

2. Choose EC2 in Use Case

1. Attach Full Access s3 permission (For production attach at least privilege permission )

1. You can give any role (I gave EC2-Acess-Full-S3)

Step 3: Launch EC2 Instance

• AMI: Ubuntu 22.04

• Instance Type: t2.micro (Free tier)

• Allow SSH (Port 22)

• Launch instance

-> Select ec2 and click on action > Security > Modify IAM role

-> Select EC2-Access-Full-S3 role which we already created in previous steps

-> Open Ec2 instance run below code

sudo apt update
sudo apt install python3-pip -y
pip3 install boto3

You will phase some error cause while install things using previous command basically Ubuntu 22.04/24.04 security feature (PEP 668).AWS Ubuntu AMIs now block global pip install to protect system Python for this solution we will make virtual environment in linux using python then we can install boto3 let's run below command

sudo apt install python3-venv python3-full -y
python3 -m venv myenv #creating venv
source myenv/bin/activate #acitivng venev
pip install boto3

import boto3

# Create S3 client (IAM Role automatically used)
s3 = boto3.client('s3')

bucket_name = "anand-raval-bucket" #Use your bucket name

# List objects
response = s3.list_objects_v2(Bucket=bucket_name)

print("Files inside bucket:\n")

for obj in response.get('Contents', []):
    print(obj['Key'])

# Read a specific file
file_key = "anand-raval-file.txt" #change file name if you use another name

file_obj = s3.get_object(Bucket=bucket_name, Key=file_key)

content = file_obj['Body'].read().decode('utf-8')

print("\nFile Content:\n")
print(content)

-> Now run file python3 file_name

Congratulations If you able to access s3 from ec2 instance you worked fantastic and from this project you learnt small about s3, i am role and ec2 and how it's work and other projects are there in my blog where you can learn more about aws

Create an IAM role as below:

1) IAM role name must be iamrole_ammar.

2) Entity type must be AWS Service and use case must be EC2.

3) Attach a policy named iampolicy_ammar.

Thankyou !!!!!!!!!!!!!

An IAM user named iamuser_kareem and a policy named iampolicy_kareem already exist. Attach the IAM policy iampolicy_kareem to the IAM user iamuser_kareem.

Thankyou !!!!!!!!!!!!

Create an IAM policy named iampolicy_ravi in us-east-1 region, it must allow read-only access to the EC2 console, i.e this policy must allow users to view all instances, AMIs, and snapshots in the Amazon EC2 console.

Thankyou !!!!!!!!!

For this task, allocate an Elastic IP address, name it as nautilus-eip

Thankyou !!!!!!!!!!!

For this task, create one subnet named devops-subnet under default VPC.

For this task, create a security group under default VPC with the following requirements:

• Name of the security group is datacenter-sg.

• The description must be Security group for Nautilus App Servers

• Add the inbound rule of type HTTP, with port range of 80. Enter the source CIDR range of 0.0.0.0/0.

• Add another inbound rule of type SSH, with port range of 22. Enter the source CIDR range of 0.0.0.0/0.

Thankyou !!!!!!!!!!!!!!!!