CLOUD COMPUTING (NEW-BATCH)

The document provides an overview of cloud computing, detailing the role and types of servers, the traditional IT approach versus cloud computing, and the characteristics and advantages of cloud services. It explains various cloud deployment models, types of cloud computing services (IaaS, PaaS, SaaS), and highlights Amazon Web Services (AWS) as a leading cloud platform with its core services and use cases. Additionally, it covers identity and access management (IAM) within AWS, including user, group, and permission management.

Uploaded by taylorpa76

CLOUD COMPUTING

HOW WEBSITES WORK

WHAT IS A SERVER

A server is a specialized computer or software that provides services, resources, or data to other computers, devices, or clients over a network. Servers are essential components of modern IT infrastructures, playing a central role in delivering web pages, managing email, hosting databases, and running applications.

Key Characteristics of a Server:

1. Hardware vs. Software:

   A hardware server is a physical machine that typically has more powerful components (CPU, memory, storage) than a regular desktop or laptop. It is designed to run continuously, handle large amounts of data, and support multiple users simultaneously.

   A software server is a program or application that runs on a physical machine and performs a specific task, such as serving web pages or handling emails.

2. Role: Servers manage network resources and respond to requests from client devices (such as computers, smartphones, or tablets). When you visit a website, your browser sends a request to a web server, which then responds by sending the website data back to your browser.

Types of Servers:

Servers come in many different forms, each serving a specific purpose in a network or IT system.

1. Web Server: A web server hosts websites and serves web pages to users' browsers. When you type a URL into your browser, the web server processes your request and sends the appropriate files (HTML, CSS, images, etc.).

- Example: Apache HTTP Server, Nginx, Microsoft IIS.

2. File Server: A file server stores and manages files, allowing users on a network to access, store, and share files over the network.

- Example: Windows Server, Network Attached Storage (NAS) devices.

3. Database Server: A database server hosts databases and manages data storage, retrieval, and querying. It responds to requests from applications or other servers that need to access or manipulate data.

- Example: MySQL, Microsoft SQL Server, Oracle Database.

4. Mail Server: A mail server handles the sending, receiving, and storing of email messages for users. It processes and stores email on behalf of users and also manages communication between different mail systems.

- Example: Microsoft Exchange Server, Postfix, Sendmail.

5. Application Server: An application server provides an environment in which applications run, typically hosting business logic for web applications. It often interfaces with other servers (e.g., database servers) to process user requests.

- Example: Apache Tomcat, JBoss, Microsoft IIS (for ASP.NET).

6. DNS Server (Domain Name System): A DNS server translates human-readable domain names (like `example.com`) into IP addresses, allowing computers to find each other on the network.

- Example: BIND, Microsoft DNS Server.

7. Proxy Server: A proxy server acts as an intermediary between a client and a destination server. It can be used to cache data, improve security, or filter traffic.

- Example: Squid Proxy, HAProxy.

8. Game Server: A server that hosts multiplayer online games, allowing players to connect and interact with each other in a virtual environment.

- Example: Minecraft Server, Counter-Strike Server.


How Servers Work:

Servers work by following a client-server model, where the server waits for requests from clients, processes them, and sends back the appropriate response.

1. Request: A client (such as a web browser or an application) sends a request to the server. This could be a request for a web page, an email, a file, or any other type of data or service.

2. Processing: The server processes the request. For example, if it's a web server, it will retrieve the necessary HTML files from its storage and prepare them for delivery.

3. Response: Once the server has processed the request, it sends a response back to the client. The response could be a web page, an email, a file, or a data query result.

4. Communication Protocols: Servers and clients communicate over specific protocols, such as:

- HTTP/HTTPS (HyperText Transfer Protocol) for web servers.
- SMTP (Simple Mail Transfer Protocol) for email servers.
- FTP (File Transfer Protocol) for file servers.
- DNS (Domain Name System) for DNS servers.


TRADITIONAL IT APPROACH TO CLOUD COMPUTING

The traditional IT approach to computing — often referred to as on-premises IT or legacy IT infrastructure — involves organizations building and maintaining their own data centers, servers, storage, and networking hardware. Before cloud computing became widespread, businesses relied on this model to host applications, store data, and run operations.

Here's an overview of the traditional IT approach compared to the modern cloud computing model:

1. On-Premises Hardware and Infrastructure

Physical Servers: Organizations would purchase physical servers to run applications and store data. These servers were often over-provisioned to handle peak loads, leading to inefficiencies.

Data Centers: Companies would maintain their own data centers (or co-located facilities), managing everything from physical security to cooling and power.

Network Infrastructure: On-premises IT requires companies to manage their networking components, including routers, firewalls, and switches.

Challenges:

• High upfront capital costs for purchasing and setting up infrastructure.
• Ongoing costs for maintaining hardware, including cooling, power, and physical security.
• Limited scalability—expanding capacity required purchasing and physically installing new hardware.
• Long provisioning times for new resources, often requiring weeks or months.
• Hiring a 24/7 team to monitor the infrastructure.
• How to deal with disasters? (earthquake, power shutdown, fire…)

WHAT IS CLOUD COMPUTING


Cloud computing is a technology that allows users and
organizations to access, store, and manage data and
applications over the Internet, rather than relying on local
servers or personal computers. Essentially, cloud computing
enables on-demand access to computing resources (like
servers, storage, databases, networking, software, and
analytics) via the internet, often referred to as "the cloud."
EXAMPLES OF SOME CLOUD SERVICES

CLOUD DEPLOYMENT MODELS (WHO USES IT)

1. Public Cloud: Services are provided over the internet by third-party providers (e.g., AWS, Microsoft Azure, Google Cloud).
2. Private Cloud: Cloud services are provided within an organization’s own data center or by a third party, but the infrastructure is not shared with others.
3. Hybrid Cloud: A combination of public and private clouds, allowing data and applications to be shared between them.

THE FIVE CHARACTERISTICS OF CLOUD COMPUTING

1. On-demand self-service:
   a. Users can provision resources and use them without human interaction from the service provider
2. Broad network access:
   a. Resources are available over the network and can be accessed by diverse client platforms
3. Multi-tenancy and resource pooling:
   a. Multiple customers can share the same infrastructure and applications with security and privacy
   b. Multiple customers are serviced from the same physical resources
4. Rapid elasticity and scalability:
   a. Automatically and quickly acquire and dispose of resources when needed
   b. Quickly and easily scale based on demand
5. Measured service:
   a. Usage is measured; users pay correctly for what they have used

SIX ADVANTAGES OF CLOUD COMPUTING

1. Trade capital expense (CAPEX) for operational expense (OPEX):
   a. Pay On-Demand: don’t own hardware
   b. Reduced Total Cost of Ownership (TCO) & Operational Expense (OPEX)
2. Benefit from massive economies of scale:
   a. Prices are reduced as AWS is more efficient due to its large scale
3. Stop guessing capacity:
   a. Scale based on actual measured usage
4. Increase speed and agility
5. Stop spending money running and maintaining data centers
6. Go global in minutes: leverage the AWS global infrastructure

PROBLEMS SOLVED BY THE CLOUD


1. Flexibility: change resource types when needed
2. Cost-Effectiveness: pay as you go, for what you use
3. Scalability: accommodate larger loads by making hardware
stronger or adding additional nodes
4. Elasticity: ability to scale out and scale in when needed
5. High-availability and fault-tolerance: build across data
centers
6. Agility: rapidly develop, test, and launch software applications
TYPES OF CLOUD COMPUTING (WHAT IS PROVIDED)

• Infrastructure as a Service (IaaS)
  o Provides virtualized computing resources over the internet, such as servers, storage, and networking (e.g., Amazon Web Services, Microsoft Azure).
  o Example: Amazon EC2, Google Compute Engine
  o Instead of buying and maintaining your own physical servers and equipment, you can rent these resources from a cloud provider like Amazon Web Services (AWS) or Microsoft Azure.
  o Highest level of flexibility
  o Easy parallel with traditional on-premises IT
• Platform as a Service (PaaS)
  o Offers a platform allowing customers to develop, run, and manage applications without worrying about the underlying infrastructure (e.g., Google App Engine, Heroku).
  o Removes the need for your organization to manage the underlying infrastructure
  o Focus on the deployment and management of your applications
• Software as a Service (SaaS)
  o Delivers software applications over the internet, where users access software through a web browser without needing to install or maintain it locally (e.g., Google Workspace, Microsoft 365).
  o Completed product that is run and managed by the service provider

In this image, blue blocks represent components managed by
the user, while orange blocks represent components managed
by the service provider. Here’s how it breaks down for each
model:

1. On-Premises:

- All components are managed by the user. This includes applications, data, runtime, middleware, operating system (O/S), virtualization, servers, storage, and networking.
- On-premises setups give full control but require the user to manage everything themselves, from physical hardware to software.

2. Infrastructure as a Service (IaaS):

- Managed by user: Applications, data, runtime, middleware, and operating system.
- Managed by provider: Virtualization, servers, storage, and networking (all of these make up the infrastructure).
- With IaaS, the provider handles the underlying infrastructure (hardware and virtualization), while the user manages the software stack and applications.

3. Platform as a Service (PaaS):

- Managed by user: Applications and data.
- Managed by provider: Runtime, middleware, operating system, virtualization, servers, storage, and networking.
- In PaaS, the provider takes care of the entire platform (including runtime and middleware) needed to run applications, leaving the user responsible only for applications and data.

4. Software as a Service (SaaS):

- Managed by provider: All components, including applications, data, runtime, middleware, operating system, virtualization, servers, storage, and networking.
- In SaaS, the provider handles everything, delivering a ready-to-use application over the internet, with no management needed by the user.

EXAMPLE OF CLOUD COMPUTING TYPES


PRICING OF THE CLOUD – QUICK OVERVIEW

AMAZON WEB SERVICES (AWS)


Amazon Web Services (AWS) is a leading cloud computing
platform offered by Amazon. It provides a broad set of global,
on-demand cloud-based services for computing, storage,
databases, networking, machine learning, artificial intelligence,
analytics, and more. AWS enables organizations to build and
scale applications efficiently without needing on-premises
infrastructure.

CORE AWS SERVICES


1. Compute Services
2. Storage Services
3. Database Services
4. Networking Services
5. Machine Learning and AI
6. Developer and Management Tools

POPULAR USE CASES FOR AWS


• Web and Mobile Applications: Hosting scalable web and
mobile applications with backend and database support.
• Big Data and Analytics: Collecting, storing, and analyzing
data at scale.
• Machine Learning: Building, training, and deploying
machine learning models with services like SageMaker.
• Enterprise Applications: Migrating legacy applications to
the cloud and optimizing resources.
• Disaster Recovery: Leveraging AWS’s global infrastructure
for data backup and disaster recovery.

STEPS TO CREATING AN AWS ACCOUNT

1) Go to www.aws.amazon.com
2) Click on Create an AWS account
3) Fill in your email address and account name
4) Confirm your email
5) Create and confirm the root password
6) Fill in AWS contact information (select personal)
7) Fill in billing information (you must have at least 2k or $1 available)
8) Confirm your identity
9) Select a support plan (basic plan)
10) You'll see a congratulations page saying "We are activating the account, which should only take a few minutes. You will receive an email when the registration is complete."

AWS REGION
An AWS Region is a specific geographic area where Amazon
Web Services (AWS) has data centers and provides cloud
services. Each AWS Region consists of multiple Availability Zones
(AZs), isolated locations within a region. These regions are
strategically distributed globally to support high availability,
reliability, and low latency for AWS customers.

1. Regions:
- AWS has multiple regions worldwide, each named after its
geographic location (e.g., `us-east-1` for Northern Virginia in
the U.S., `eu-west-1` for Ireland in Europe).
- Each region operates independently, allowing customers to
deploy applications close to their end-users for better
performance and compliance with local regulations.
2. Availability Zones (AZs):
- Within each region, there are multiple Availability Zones (at least two, often three or more).
- Each AZ is a separate data center or group of data centers with independent power, networking, and cooling to enhance fault tolerance.
- Using multiple AZs enables high availability and fault tolerance, as applications can continue running even if one AZ has an issue.

TOUR OF THE AWS CONSOLE

IDENTITY AND ACCESS MANAGEMENT (IAM)


The IAM (Identity and Access Management) is essential for
managing access to resources within a cloud environment. IAM
allows administrators to control who (identity) can access
specific resources and what actions they can perform (access
management).

Key Components of IAM

Users:

• Individual people or applications that need access to cloud resources.
• Each user is given unique credentials (username and password, or access keys for programmatic access).

Groups:

• A collection of users with similar access needs.
• Allows administrators to assign permissions to a group instead of each individual user, making management easier.

Group: Developers:

1. It contains Alice, Bob, and Charles, who are all members of the Developers group.
2. Likely has permissions relevant to development tasks, such as access to specific AWS services or resources required by developers.

Group: Operations:

1. Contains David and Edward.
2. This group could have permissions for operational tasks like managing infrastructure, monitoring resources, or handling troubleshooting tasks.

User Belonging to Multiple Groups:

• David and Charles are part of multiple groups:
  o Charles is in both the Developers and Audit Team groups.
  o David is in both the Audit Team and Operations groups.
• This allows Charles and David to have combined permissions from both groups they belong to. For example, David may have permission to perform operational tasks (Operations group) and audit tasks (Audit Team group).

User Not in Any Group:

• Fred is not assigned to any group.
• This could mean Fred has unique permissions set at the user level, or he might have limited or no access to resources depending on the account configuration.

Permissions:

• The actual level of access a user, group, or role has to specific resources.
• Permissions are derived from policies and can include actions like “read,” “write,” “delete,” etc.

Roles:

• Roles are temporary permissions assigned to users, applications, or services to perform certain tasks.
• For example, an application running on a server might assume a role with permission to read data from a storage service.

Policies:

• Documents (written in JSON format) that define permissions.
• Policies specify what actions are allowed or denied on which resources.
• Policies can be attached to users, groups, or roles, defining what they can or cannot do.

CREATING USERS
To create a new user in AWS, you can follow these steps in the
AWS Management Console. This guide outlines how to create an
IAM user and assign permissions to allow them access to
resources.

1. Log in to the AWS Management Console:

- Go to the AWS Management Console (https://aws.amazon.com/console/).
- Log in with an IAM account that has permission to create new users (such as an admin account).

2. Navigate to the IAM Console:

- In the AWS Management Console, search for and select the IAM (Identity and Access Management) service.

3. Access the Users Section:

- In the IAM dashboard, on the left-side menu, click on Users.

4. Add User:

- Click the Add Users button at the top.

5. Enter User Details:

- Enter a unique name for the new user.
- Access Type:
  - Choose Programmatic access if the user needs API access with an Access Key ID and Secret Access Key.
  - Choose AWS Management Console access if the user needs access to the AWS Console (web interface).
  - You can choose both if the user needs both console and programmatic access.
- If you enable console access, you’ll be prompted to create a password. You can either specify a password or require the user to create one upon first login.

6. Set Permissions:

- Choose how to assign permissions to the new user:
  - Attach policies directly: Select one or more policies that grant specific permissions (e.g., `AdministratorAccess`, `AmazonS3ReadOnlyAccess`).
  - Choose an existing IAM group with predefined policies, so the user inherits the group’s permissions.
  - Copy permissions from existing user: Copy permissions from another user.
  - Attach policies with JSON: Use a JSON policy document to define custom permissions.

7. Add Tags (Optional):

- You can add tags (key-value pairs) to the user. Tags can help organize and track IAM users for billing or management purposes.

8. Review and Create User:

- Review the details to ensure everything is correct.
- Click Create user to finish the setup.

9. Download Credentials:

- If you selected Programmatic access in Step 5, you’ll see an option to download the user's Access Key ID and Secret Access Key.
- Download the .csv file or copy the credentials to a secure location. You will not be able to view the Secret Access Key again, so it's crucial to save it.
- You can also send login instructions to the user by email if they have AWS Management Console access.

10. Communicate Details to the User:

- Provide the new user with their login credentials, AWS account ID, and console login link (if applicable).

Important Tips

- Multi-Factor Authentication (MFA): For added security, consider enabling MFA on the user account after creation.
- Least Privilege Principle: Assign only the permissions necessary for the user's job function. Avoid giving overly broad permissions.

That’s it! You’ve successfully created a new IAM user in AWS.

DIFFERENCES BETWEEN ROOT ACCOUNT AND IAM USER ACCOUNT

Root Account

• Definition: The root account is the AWS account created when you first sign up for AWS. It is tied to the email address and credentials you used during registration.

IAM User Account

• Definition: An IAM user account is an identity created within AWS IAM to provide individual access to AWS resources.

Key Differences

• Access Level:
  o Root Account: Unrestricted access to everything in the AWS account.
  o IAM User Account: Limited access, defined via IAM policies.
• Purpose:
  o Root Account: Account-level management and rare critical operations.
  o IAM User Account: Day-to-day operations and resource access.
• Default Permissions:
  o Root Account: Full access by default.
  o IAM User Account: No permissions by default.
• Creation:
  o Root Account: Created automatically when the AWS account is registered.
  o IAM User Account: Created manually within IAM.
• Restrictable?:
  o Root Account: Permissions cannot be restricted.
  o IAM User Account: Permissions can be customized and restricted.
• Usage:
  o Root Account: Should be used sparingly.
  o IAM User Account: Regular use for individuals and applications.
• Security:
  o Root Account: Must be protected with MFA and strong credentials.
  o IAM User Account: Uses individual credentials and policies for access.

When to Use Each

• Root Account:
  o Only for account-level administrative tasks.
  o Examples:
    ▪ Managing billing or payment methods.
    ▪ Recovering an account.
    ▪ Creating the first IAM user.
• IAM User Accounts:
  o For everyday tasks and operational roles.
  o Examples:
    ▪ Developers accessing EC2 instances.
    ▪ Administrators managing S3 buckets.
    ▪ Applications interacting with AWS services programmatically.

Best Practices Summary

• Create IAM users for all team members and services.
• Assign roles and groups to manage permissions effectively.
• Enable MFA for both the root account and IAM users.
• Store the root account credentials securely and use them only when necessary.

LOGGING IN TO THE IAM USER ACCOUNT

When we create users, we assign permissions, i.e. what they can do in their various accounts and groups. That is done from the root account.

We can customize our sign-in URL by creating an account alias. We can also sign in with our user account by copying and pasting the sign-in URL into a new window, so that we are logged in to both accounts simultaneously.

1. The username that’s filled in must be the same as the IAM username.
2. The password must be the same one used when creating the IAM user.

After logging in, we have two accounts:

• One logged in using the root account
• A second logged in with the IAM user

N.B.: The IAM user account created has administrative access because it is in the Admin group, which means the user can create, delete, and modify resources across AWS because they inherited AdministratorAccess from the Admin group.

IAM POLICIES INHERITANCE

AWS Identity and Access Management (IAM) policies do not inherently support inheritance like hierarchical systems (e.g., parent-child directory structures in file systems). However, IAM's design allows you to structure and manage access in a way that mimics inheritance through policy attachment and scope definition.

IAM Policies Basics

IAM policies are JSON documents that define permissions for AWS services and resources. Policies can be attached to:

• IAM Users
• IAM Groups
• IAM Roles

Simulating Inheritance via Groups

• User-Group Attachments: When you attach a policy to a group, all users in that group inherit the permissions defined in the policy. For example:
  o Group "Developers" has an attached policy granting S3:ReadAccess.
  o A user added to "Developers" automatically inherits S3:ReadAccess.
• To simulate more complex inheritance, use multiple groups (e.g., "BasicAccess", "PowerUsers") and assign users to the relevant groups.

Groups and Memberships

• Developers (Blue Box):
  o Users: Alice, Bob, and Charles.
  o The group has a policy attached, which defines specific permissions (indicated by the red checklist). These permissions are inherited by all group members (Alice, Bob, and Charles).
• Audit Team (Green Box):
  o Users: Charles and David.
  o Similar to the Developers group, the Audit Team has its own policy that grants certain permissions. Both Charles and David inherit these permissions.
• Operations (Orange Box):
  o Users: Edward and David.
  o Members of this group inherit the permissions defined in the Operations group policy.

Permission Hierarchy Using Policies

• Inline Policies: Directly attached to a user, role, or group. These policies are specific to the entity and do not cascade or apply to other entities.
  o Fred: Unlike the other users, Fred is not part of any group. Instead, he has an inline policy directly attached to his IAM user. This policy is specific to Fred and does not apply to other users.
• Managed Policies: Reusable policies that can be attached to multiple entities. Updating the managed policy updates permissions for all attached entities, simulating inheritance.

Policy Combination

Permissions are additive:

• If a user has multiple policies attached (directly, via groups, or via roles), their effective permissions are the union of all policies.
  o Overlapping Memberships: Charles and David are both members of multiple groups:
    ▪ Charles is part of both the Developers and Audit Team groups.
    ▪ David is part of both the Audit Team and Operations groups.
    ▪ These users inherit permissions from all groups they belong to. AWS IAM policies are additive, meaning their effective permissions are the union of the policies from all groups.
• Explicit deny overrides allow permissions. This is key when defining boundaries or exceptions.

Key Takeaways

• Group Policy Inheritance:
  o Policies attached to groups apply to all members, providing a scalable way to manage permissions for multiple users.
• Overlapping Group Membership:
  o Users in multiple groups inherit permissions from all groups, which can lead to broader access.
• Inline Policies:
  o Policies directly attached to individual users (like Fred) are not shared or inherited by others.

IAM POLICIES STRUCTURE


An AWS IAM Policy is a JSON document that defines access
permissions for AWS resources. Its structure is standardized and
consists of several key elements that specify who, what, when,
and where actions are allowed or denied.

IAM Policy Structure Components


1. Policy Elements

A typical IAM policy contains the following sections:

1.1 Version

• Specifies the version of the policy language.
• The most commonly used version is "2012-10-17", which supports all current features.

Example:

    "Version": "2012-10-17"

1.2 Statement

• The main component of the policy, where permissions are defined.
• Can contain one or more statements.

Example:

    "Statement": [
        {
            // Details of a single permission
        }
    ]

2. Statement Elements

Each Statement block contains the following sub-elements:

2.1 Sid (Optional)

• A statement identifier that uniquely identifies the statement (useful for debugging or auditing).
• Not required, but helpful in complex policies.

Example:

    "Sid": "AllowS3ReadAccess"

2.2 Effect

• Specifies whether the statement allows or denies the action.
• Valid values: "Allow" or "Deny".

Example:

    "Effect": "Allow"

2.3 Action

• Specifies the actions (or API calls) allowed or denied.
• Use "*" to represent all actions, or name specific actions such as "s3:PutObject".

Example:

    "Action": [
        "s3:GetObject",
        "s3:PutObject"
    ]

2.4 Resource

• Specifies the AWS resources to which the statement applies.
• Uses Amazon Resource Names (ARNs) to define specific resources, or "*" for all resources.

Example:

    "Resource": "arn:aws:s3:::example-bucket/*"

2.5 Condition (Optional)

• Adds conditions to the policy, allowing permissions to be context-specific (e.g., IP range, date, tags).
• Uses condition operators such as "StringEquals", "IpAddress", "Bool", etc.

Example:

    "Condition": {
        "IpAddress": {
            "aws:SourceIp": "192.168.0.1/32"
        }
    }

Full IAM Policy Example

Below is an example policy that allows read and write access to a specific S3 bucket from a specified IP address:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowS3AccessFromSpecificIP",
                "Effect": "Allow",
                "Action": [
                    "s3:GetObject",
                    "s3:PutObject"
                ],
                "Resource": "arn:aws:s3:::example-bucket/*",
                "Condition": {
                    "IpAddress": {
                        "aws:SourceIp": "192.168.1.0/24"
                    }
                }
            }
        ]
    }

IAM POLICY HANDS-ON

Now we have two accounts:

• ROOT ACCOUNT
• IAM USER ACCOUNT

Whatever is done on the root account is also reflected on the IAM account, i.e. if a user is removed from its group, it no longer has that group's access to perform any action.

• If the Admin group has a policy granting AdministratorAccess (full access to all AWS services and resources), removing the user from the group will immediately revoke the permissions that were granted through the group.

Example:

• Before removal: The user can create, delete, and modify resources across AWS because they inherited AdministratorAccess from the Admin group.
• After removal: The user loses all permissions granted by the Admin group.

We can assign a read-only policy that only allows users to read and not create.

We can assign permissions directly to a user.

A user can be in two different groups and inherit the permissions assigned to each respective group.

In Policies JSON File:

When we see a star (*) in AWS, it means anything, so a "*" Action on a "*" Resource means we allow any action on any resource. Allowing any action on any resource is the same thing as giving someone administrator access.

Get* says that anything that starts with Get, with something after it, is authorized. Likewise, List* covers list users or list groups. So, by using a star, we encompass and group many API calls together. All of this is then allowed on Resource "*".
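To make the rules from the Policy Combination section (group policies are unioned, an explicit deny wins) and the wildcard matching above concrete, here is an added Python simulation of how IAM would decide requests for the handout's users. It is not AWS code and not from the handout; the group memberships, policy documents, account ID and request ARNs are all constructed for the example, and the only condition operator modelled is the IpAddress one from the full policy example.

```python
"""Simulated IAM policy evaluation for the handout's users and groups (added
example, not AWS's own evaluator). Policies, memberships and ARNs below are
constructed for the demonstration."""
import fnmatch
import ipaddress


# Constructed managed policies attached to the handout's three groups.
GROUP_POLICIES = {
    "Developers": {"Version": "2012-10-17", "Statement": [
        {"Sid": "DevReadBucket", "Effect": "Allow",
         "Action": ["s3:Get*", "s3:List*"],
         "Resource": "arn:aws:s3:::example-bucket/*"}]},
    "Audit Team": {"Version": "2012-10-17", "Statement": [
        {"Sid": "AuditTrail", "Effect": "Allow",
         "Action": "cloudtrail:LookupEvents", "Resource": "*"}]},
    "Operations": {"Version": "2012-10-17", "Statement": [
        {"Sid": "OpsEc2", "Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
        {"Sid": "NoTerminate", "Effect": "Deny",
         "Action": "ec2:TerminateInstances", "Resource": "*"}]},
}
GROUP_MEMBERS = {
    "Developers": ["Alice", "Bob", "Charles"],
    "Audit Team": ["Charles", "David"],
    "Operations": ["David", "Edward"],
}
# Fred is in no group; his inline policy is the handout's full policy example.
INLINE_POLICIES = {
    "Fred": {"Version": "2012-10-17", "Statement": [
        {"Sid": "AllowS3AccessFromSpecificIP", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"IpAddress": {"aws:SourceIp": "192.168.1.0/24"}}}]},
}


def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value, ignore_case):
    """IAM-style wildcard match ('*' and '?'); action names ignore case."""
    if ignore_case:
        value = value.lower()
    for pattern in _as_list(patterns):
        if fnmatch.fnmatchcase(value, pattern.lower() if ignore_case else pattern):
            return True
    return False

def _condition_holds(condition, context):
    """Supports the IpAddress operator used in the handout's full example."""
    for operator, pairs in condition.items():
        if operator != "IpAddress":
            raise ValueError(f"unsupported condition operator {operator}")
        for key, networks in pairs.items():
            source = context.get(key)  # e.g. context["aws:SourceIp"]
            if source is None:
                return False  # a missing context key never satisfies a condition
            if not any(ipaddress.ip_address(source) in ipaddress.ip_network(net)
                       for net in _as_list(networks)):
                return False
    return True

def effective_statements(user):
    """Union of every statement the user receives via groups or inline policy."""
    docs = [GROUP_POLICIES[g] for g, members in GROUP_MEMBERS.items() if user in members]
    if user in INLINE_POLICIES:
        docs.append(INLINE_POLICIES[user])
    statements = []
    for doc in docs:
        if doc.get("Version") != "2012-10-17":
            raise ValueError("unsupported policy Version")
        statements.extend(doc["Statement"])
    return statements

def evaluate(user, action, resource, context=None):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request."""
    context = context or {}
    decision = "ImplicitDeny"  # no matching statement: denied by default
    for stmt in effective_statements(user):
        if not _matches(stmt["Action"], action, ignore_case=True):
            continue
        if not _matches(stmt["Resource"], resource, ignore_case=False):
            continue
        if not _condition_holds(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny"  # an explicit deny beats every allow
        decision = "Allow"
    return decision
```

Calling evaluate("David", "ec2:TerminateInstances", ...) returns "ExplicitDeny" even though ec2:* is allowed, while the same call for an unmatched action such as Fred's request from outside 192.168.1.0/24 falls through to "ImplicitDeny".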

CREATING A POLICY

Create and Attach the Policy

You can create and apply the policy using the AWS Management Console, AWS CLI, or AWS SDK.

Using the AWS Management Console

1. Navigate to the IAM Console: IAM Dashboard.
2. Go to Policies > Click Create Policy.
3. Choose between:
   o Visual Editor: Fill in the required actions, resources, and conditions using a form-based interface.
     ▪ Select a Service: e.g. IAM
     ▪ Allow or Deny the Effect
     ▪ Specify actions from the service to be allowed:
       1. List: e.g. ListUsers
       2. Read: e.g. GetUser
       3. Write: e.g. CreateGroup
     ▪ Policy details: Give the policy a name
   o JSON Editor: Paste the JSON policy you’ve created.
4. Review and save the policy with a descriptive name.
