Automated user migration and management of AWS Identity and Access Management (IAM) resources

Vitória Xavier
Feb 23, 2024

In this project, based on a real-world scenario, I acted as a Cloud Specialist with the mission of migrating users in an automated way and managing AWS IAM (Identity and Access Management) resources.

There were 100 users that needed to be migrated and have MFA (Multi-factor authentication) enabled on their accounts, as this is a security best practice.

To avoid repetitive and manual tasks in the AWS console, I needed to think about automating the processes.

Using Git Bash with the AWS CLI and a shell script, and by utilizing a database in CSV format containing information such as users, their corresponding group within the company, and initial default passwords, it was possible to develop this automation process. You can view the architecture of the solution in the figure below.

Main stages of the project:

1. Preparation and Planning: Analysis of the existing database and identification of the users to be migrated.

2. Group Creation (Company Departments): Established user groups to organize accounts based on the different departments within the company.

3. Automation Script Development: Development and implementation of a script that reads user data from a CSV file and executes the migration and creation of accounts in AWS.

4. User Creation and Management: Automated creation of AWS user accounts by the script, segmented by groups corresponding to different areas of the company.

5. User Creation Validation: Analysis to ensure all users have been created and allocated to their respective groups.

6. Policy Management: Definition and application of access and permission policies, including permissions for users to manage their own passwords.

7. Security: Implementation of Multi-Factor Authentication (MFA) for all accounts. In addition, robust password policies were established to ensure the creation of secure credentials.

8. MFA Implementation Validation: Verification of the successful implementation of MFA for all users.
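
Stages 3 and 4 could look like the sketch below, which is an added example and not the script used in the project. The CSV column order (`user,group,password`), the function names, the `DRY_RUN` switch and the sample rows are assumptions made for illustration; the `aws iam` subcommands are the standard AWS CLI ones. It defaults to a dry run that prints each command with the initial password masked, and it forces a password reset at first sign-in because the CSV holds default passwords.

```bash
# Added example. Assumed CSV columns (not given on the page): user,group,password
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the aws commands instead of running them

# Run a command, or in dry-run mode print it with the password value masked.
run() {
  if [ "$DRY_RUN" != 1 ]; then "$@"; return; fi
  local out="" arg mask=0
  for arg in "$@"; do
    if [ "$mask" = 1 ]; then arg='****'; mask=0
    elif [ "$arg" = "--password" ]; then mask=1; fi
    out="$out $arg"
  done
  echo "${out# }"
}

# Accept only letters, digits and + = . @ _ - (a subset of what IAM allows).
valid_name() { case "$1" in ''|*[!A-Za-z0-9+=.@_-]*) return 1 ;; esac; }

# Create one user: account, console password with forced reset, group membership.
create_user() {
  local user="$1" group="$2" password="$3"
  if ! valid_name "$user" || ! valid_name "$group" || [ -z "$password" ]; then
    echo "rejected row: '$user'" >&2; return 1
  fi
  run aws iam create-user --user-name "$user" &&
  run aws iam create-login-profile --user-name "$user" \
      --password "$password" --password-reset-required &&
  run aws iam add-user-to-group --group-name "$group" --user-name "$user"
}

# Process every data row of the CSV; return non-zero if any row failed.
migrate_users() {
  local user group password failed=0 cr; cr=$(printf '\r')
  {
    read -r user || true            # skip the header line
    while IFS=, read -r user group password || [ -n "$user" ]; do
      password="${password%"$cr"}"  # tolerate CRLF line endings
      create_user "$user" "$group" "$password" || failed=$((failed + 1))
    done
  } < "$1"
  [ "$failed" -eq 0 ]
}

# Constructed sample data; the second row has an invalid user name.
sample_csv() {
  printf '%s\n' 'user,group,password' 'ana.souza,Finance,Tmp-Pass#2024' \
    'bad name!,Finance,Tmp-Pass#2024' 'joao.lima,DevOps,Tmp-Pass#2024'
}
csv=$(mktemp) && sample_csv > "$csv"
migrate_users "$csv" || echo "some rows were rejected" >&2; rm -f "$csv"
```

Setting `DRY_RUN=0` runs the commands against the account; the groups from stage 2 must already exist for `add-user-to-group` to succeed.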
