This directory contains several CloudFormation templates.
This CloudFormation template creates:
- IAM policies for nearly full access to EC2 and EMR services
- IAM policy for self-management of password, MFA, and access keys
- IAM role that grants access via Cornell SSO
- IAM group that grants that access to IAM users
(Based on https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html.)
- Sign in to the console: https://console.aws.amazon.com/iam/
- Users -> Add User
- Add email address of target user as the sign-in name.
- Add additional users, if required
- Select AWS Management Console access
- Select autogenerated password
- Require password reset
- Next: permissions
- Add user to Group
- Select ec2emr-users
- Skip permissions boundary
- Next: Review
- Download CSV with credentials
- Securely distribute user names and passwords to users.
- DO NOT email passwords
(Starts with getting their IAM sign-in name and password from account admin.)
- Log in at CUSTOM URL
- Password change (forced)
- Set MFA
- Log out
- Log in with MFA
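
To confirm that users actually finished the first-login steps above, an account admin can check the IAM credential report (`aws iam generate-credential-report`, then `aws iam get-credential-report`, whose `Content` field is the base64-encoded CSV). The script below is an added example, not part of these templates; the function name is hypothetical and the sample rows are constructed, using a subset of the report's columns.

```python
import csv
import io

# Constructed sample rows in the IAM credential report CSV layout (subset of columns).
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,mfa_active
<root_account>,arn:aws:iam::123456789012:root,2020-01-01T00:00:00+00:00,not_supported,2020-01-02T00:00:00+00:00,not_supported,true
alice@example.edu,arn:aws:iam::123456789012:user/alice@example.edu,2024-03-01T10:00:00+00:00,true,2024-03-02T09:00:00+00:00,2024-03-02T09:01:00+00:00,true
bob@example.edu,arn:aws:iam::123456789012:user/bob@example.edu,2024-03-01T10:01:00+00:00,true,2024-03-02T11:00:00+00:00,2024-03-02T11:01:00+00:00,false
carol@example.edu,arn:aws:iam::123456789012:user/carol@example.edu,2024-03-01T10:05:00+00:00,true,no_information,2024-03-01T10:05:00+00:00,false
svc-emr,arn:aws:iam::123456789012:user/svc-emr,2024-03-01T10:06:00+00:00,false,N/A,N/A,false
"""


def onboarding_gaps(report_csv):
    """Return {user: [findings]} for console users who have not finished onboarding."""
    gaps = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        # Skip the root row ("not_supported") and users with no console password.
        if row["password_enabled"] != "true":
            continue
        findings = []
        # The report shows "no_information" or "N/A" when no console sign-in is recorded.
        if row["password_last_used"] in ("no_information", "N/A"):
            findings.append("never signed in")
        if row["mfa_active"] != "true":
            findings.append("no MFA device")
        if findings:
            gaps[row["user"]] = findings
    return gaps


if __name__ == "__main__":
    for user, findings in onboarding_gaps(SAMPLE_REPORT).items():
        print(f"{user}: {', '.join(findings)}")
```

The report does not list group membership, so confirming that a user is in ec2emr-users still needs a separate check.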