...
- Login to the cu-training AWS account using traditional Shibboleth login.
- Use this link to initiate login: https://signin.aws.cucloud.net/
- This will start the usual process for Cornell Two-Step Login process. Complete your two-step login.
- Once you have finished with DUO, you will be in one of two places. Take your next steps based on where you end up.
- If you are given the option of selecting a role, select shib-training under the "cu-training" AWS account, and click on Sign in.
- Use this link to initiate login: https://signin.aws.cucloud.net/
- Once in the AWS Management Console, check which AWS region your console is pointed at. You want "N. Virginia". If your console is in any other region, change it to "US East (N. Virigina) us-east-1".
- In the AWS Management Console, type "config" in the search box and click on Config under Services.
- In the Config Dashboard, take note of the high numbers of non-compliant resources. (100+ resources)
Part 1B – Find "your" IAM user
- Click on Resources from the left-hand navigation panel in the Config console.
- Enter the "netid" form of your Cornell email address (e.g., netid@cornell.edu) in the Resource identifier search field and hit "enter" on your keyboard. This will start the search for "your" IAM user.
- Config should show one search result, listing an IAM user named like "netid@cornell.edu". That IAM User resource will be labelled as non-compliant.
- Click on the IAM user name (i.e., netid@cornell.edu) to drill into that resource.
- Review the Rules at the bottom to confirm that "your" IAM user is indeed non-compliant with respect to the 251-MED-no-iam-users-except-whitelist rule.
- In the top right of that page, click on Manage Resource.
...