On my journey to becoming an AWS Certified Solutions Architect, I noticed there weren’t really any open source ways to create Labs or Assessments using the AWS environment. Although it might not be coded the best, I intend to create a PowerShell-based AWS environment that allows for Labs and Assessments using a combination of AWS technologies.
I hope to improve the architecture of this as I go so that I may better understand how to architect usable solutions.
AWS OpenLabs V1. Rather than provide users the CloudFormation template to provision the environment, this simply gives a way to deploy IAM users with console passwords for a certain period of time, with a particular set of IAM roles and policies for particular lab scenarios.
Notes on this particular Architecture:
- The main part of this architecture is creating IAM users and creating a console password for them. After a set amount of time, those accounts can then be deleted.
- Attach certain roles / policies to certain groups so that if a user is contained within a certain IAM group, they will only be provided the particular permissions of that group. The IAM role will provide the high-level access that all lab scenarios share. The IAM policy for the particular session will only be limited to the pertinent rights of that share.
- High-level permissions include:
  - Limit provisioning to a certain region
  - DENY the IAM privilege
  - DENY modifying resource tags
- Low-level permissions include:
  - Access to particular AWS services related to the particular scenario
- Functions to make all this work include:
  - Function which creates users and creates a console password for those users
  - Function which moves users from one group to another
  - Function which removes users from groups, deletes their profile password, and deletes the users themselves
  - Variable IAM policy generation
  - Tagging untagged resources
  - A cleanup module that deletes particular resources by age / tag
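
One way the three high-level permissions listed above could be generated and attached as a shared guardrail, written as an added example (not code from the OpenLabs project). The function name `New-LabGuardrailPolicy`, the group name `OpenLabs-Base`, the policy name and the default action lists are assumptions; the cmdlet `Write-IAMGroupPolicy` comes from AWS Tools for PowerShell.

```powershell
# Added example: builds the shared "high level" deny policy as JSON.
# Names and default action lists are assumptions, not the project's own values.
Import-Module AWS.Tools.IdentityManagement

function New-LabGuardrailPolicy {
    param(
        [Parameter(Mandatory)][string]$AllowedRegion,
        # Tag-changing actions are service specific; extend this list per scenario.
        [string[]]$TagActions = @('ec2:CreateTags', 'ec2:DeleteTags',
                                  'tag:TagResources', 'tag:UntagResources'),
        # Global services whose calls do not resolve to the lab region.
        [string[]]$GlobalServices = @('iam:*', 'sts:*', 'support:*')
    )

    $statements = @(
        # Limit provisioning to one region: deny everything requested elsewhere.
        [ordered]@{
            Sid       = 'DenyOutsideLabRegion'
            Effect    = 'Deny'
            NotAction = $GlobalServices
            Resource  = '*'
            Condition = @{ StringNotEquals = @{ 'aws:RequestedRegion' = $AllowedRegion } }
        },
        # DENY the IAM privilege. This also blocks iam:ChangePassword, so lab
        # users cannot change the console password they were issued.
        [ordered]@{ Sid = 'DenyIam'; Effect = 'Deny'; Action = 'iam:*'; Resource = '*' },
        # DENY modifying resource tags, so the tag-based cleanup stays reliable.
        [ordered]@{ Sid = 'DenyTagChanges'; Effect = 'Deny'; Action = $TagActions; Resource = '*' }
    )

    # -Depth is required: the default depth of 2 would flatten the Condition block.
    [ordered]@{ Version = '2012-10-17'; Statement = $statements } |
        ConvertTo-Json -Depth 10
}

# Attach the guardrail as an inline policy on the group every lab user joins.
$policy = New-LabGuardrailPolicy -AllowedRegion 'us-east-1'
Write-IAMGroupPolicy -GroupName 'OpenLabs-Base' `
                     -PolicyName 'OpenLabsGuardrails' `
                     -PolicyDocument $policy
```

Because these statements are explicit denies, they override any Allow granted by a scenario's low-level policy, so a lab policy written too broadly still cannot reach IAM, other regions, or the listed tagging actions.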