👤 Users & Groups
Create an IAM user (with or without programmatic access)
Create an IAM group (e.g., “Developers” or “Admins”)
Attach policies to the group (like AmazonEC2FullAccess)
Add the user to the group
🔐 Permissions & Policies
Create a custom IAM policy (JSON-based)
Attach the policy to a user, group, or role
Use IAM Policy Simulator to test permissions
🌀 Roles
Create a role for EC2 (with policy like AmazonS3ReadOnlyAccess)
Attach the role to an EC2 instance
Test access from inside EC2 (e.g., use AWS CLI to access S3)
🔏 MFA & Security
Enable MFA for an IAM user
Try console login and verify MFA works
Review and rotate access keys
