Step 1: Access the IAM Console

1. Open your web browser and go to the IAM Console URL: {TBD}
2. Log in as the Root User or a User Account with appropriate permissions. You'll need to provide your username/email and password.
3. After logging in, you'll see the IAM Console dashboard, which provides an overview of your IAM configuration.
   

Step 2: Understanding IAM User Accounts & User Groups

• Root User Account: The initial entity you create in Greennode AI Platform, with full access to all Greennode AI Platform products, services, and resources within that account.
• IAM User Account: Represents an individual identity associated with your Root User Account. Each user has a unique set of security credentials, such as a username and password or access keys, to authenticate their identity.
• IAM User Group: A collection of IAM user accounts with similar access requirements. Grouping user accounts simplifies permission management by granting permissions to a group instead of individual user accounts, improving consistency and efficiency in access control.

          2.1 Create an IAM User Account

1. Access the IAM Console.
2. Click on "User accounts" in the left menu.
3. Click "Create a user account."
4. Enter the user account details, including username and password.
5. Review the settings and click "Create a user account" in the upper right corner.

          2.2 How to Create an IAM User Group

1. Access the IAM Console.
2. Click on "Groups" in the left menu.
3. Click "Create new group."
4. Provide a group name and optional description.
5. Attach relevant IAM policies to the group to define the group's permissions.
6. Add the user accounts you want to manage to the group.
7. Review the settings and click "Create group."

Step 3: Understanding IAM Policies and Permissions

• IAM Policy: A JSON document that defines permissions and rules for accessing resources. Policies are attached to IAM user accounts, groups, or service accounts to control the actions they can perform on specific resources. IAM policies follow an "allow" or "deny" principle, meaning they explicitly grant or deny access to resources and actions.
• Permissions: IAM permissions define what actions IAM entities (user accounts, groups, and service accounts) are allowed or denied to perform on Greennode AI Platform resources. These actions can range from listing resources to read/write access on resources, or even managing IAM user accounts and groups.

            3.1 Configure Permissions in an IAM Policy

1. Access the IAM Console.
2. Click on "Policy" in the left menu.
3. Click "Create a policy."
4. Provide a policy name and optional description.
5. Click "Next step" to continue configuring permissions.
6. Select a specific Product/Service within the Greennode AI Platform that you want to configure.
7. Specify the Actions allowed on the product's resources.
8. Select the Resources to which the actions apply (All resources / Specific resources).
9. Provide Request conditions regarding the time of application.
10. Review the settings and click "Create policy."

           3.2 Assign Permissions to IAM Entities

1. Create a new IAM policy or use an existing policy that aligns with your access control requirements.
2. Attach the policy to the appropriate IAM user accounts, groups, and service accounts.
3. Review and confirm the attached policies to ensure they adhere to the principle of least privilege.

Remember to follow the principle of least privilege when assigning permissions to IAM entities, granting only the minimum permissions necessary for IAM user accounts, groups, and service accounts to perform their tasks.