Overview
IAM is used to create AWS users, assign them to groups, and grant them the permissions they need. We can create an IAM user in AWS and assign permissions to the user in two ways:
- Directly assign a permission to individual users or
- Create a group, assign the permissions to the group and make the user a part of that group.
In this post, we will take the second approach to create the user.
Steps to create an IAM user in AWS
I am dividing this procedure into two sections.
- First, create the group, and
- Second, create the user.
Create User group
- Log in to your AWS account as a root user by visiting the AWS Console -> My Account -> AWS Management Console and entering your credentials there.
- Once you have logged in successfully, you will see the console home page.
- Go to Services menu and under Security, Identity, & Compliance select IAM or you can directly search IAM in the search bar.
- Click on the User Groups menu from the left side and click on the Create group button from the right.
- Define a User group name. For example: Developers
- In AWS, we have to attach a policy to the group. The policy defines the permissions that the users in the group have. There are a number of predefined policies available. These are called managed policies, and they are maintained by AWS itself. For now, we can give the Administrator policy to all the developers. (You can customize this as per your need.) In the Attach permissions policies section, type AdministratorAccess, press Enter, and select the AdministratorAccess policy.
- Click Create group
- Now, the group is created.
Create an IAM user
- Go back to the IAM dashboard, click the Users menu, and click the Add users button.
- In the Username field, type the username. I am creating a user called codersathi. You can create multiple users at a time: just click Add another user if you want to create more than one.
- Access type: The access type defines how a user can access AWS resources, either through the AWS Management Console or through programmatic access. Programmatic access means that the user can access AWS resources from code or tools such as the AWS CLI, Java, etc. Here we are using AWS Management Console access; the same operations can also be performed programmatically with languages like Java or with the AWS CLI.
For the user codersathi, I am giving only the AWS Management Console access. This user is not going to access AWS resources programmatically.
- Console password: You can use an auto-generated password or set a custom password.
- Require password reset: When you enable it, the user will be required to change the password when they log in for the first time.
- Click Next: Permissions
- Set permissions: Select the group we created earlier, called Developers. You can also select multiple groups if you have them. Then click Next: Tags.
- Add tags: You can add tags if you want; for now I am skipping this. Click Next: Review.
- Review: Here, you can verify the user you are about to create and the permissions you have given to them. If everything is OK, click the Create user button.
- The user is created successfully. You can export the CSV file to keep your user's details, such as the username, password and so on. You can view the password, or you can send the login instructions to the user via email.
Login as an IAM user
Now that the user has been created successfully, can this user log in from https://aws.amazon.com? The answer is no.
To log in as an IAM user, use the URL that is generated along with the user creation success message. That URL looks like:
https://<your-12-digit-account-id>.signin.aws.amazon.com/console
First, log out of the currently logged-in user. Then copy the URL above and paste it into your browser. You will see a sign-in window where you enter your username and password.
When you enter your username and password then click Sign in and you will be successfully logged in as an IAM user.
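The same procedure (group, managed policy, console-only user, account-specific sign-in URL) expressed with boto3, as an added example that is not from the original post. The function names, the `iam` parameter (expected to be `boto3.client("iam")`) and the 20-character password length are assumptions made here.

```python
import re
import secrets
import string

ADMIN_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"  # managed policy chosen in this post
SYMBOLS = "!@#$%^&*()_+-="  # subset of the symbols IAM accepts in passwords


def temp_password(length=20):
    """Random console password containing every character class a password policy can require."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]
    chars = [secrets.choice(c) for c in classes]
    chars += [secrets.choice("".join(classes)) for _ in range(length - len(classes))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def signin_url(account_id):
    """IAM users sign in at the account-specific URL, not at aws.amazon.com."""
    if not re.fullmatch(r"[0-9]{12}", account_id):
        raise ValueError("AWS account IDs are exactly 12 digits")
    return f"https://{account_id}.signin.aws.amazon.com/console"


def provision(iam, account_id, group, user, policy_arn=ADMIN_POLICY_ARN):
    """Create the group, attach the policy, create a console-only user, add it to the group."""
    url = signin_url(account_id)  # validate before changing anything in the account
    iam.create_group(GroupName=group)
    iam.attach_group_policy(GroupName=group, PolicyArn=policy_arn)
    iam.create_user(UserName=user)
    password = temp_password()
    # PasswordResetRequired=True corresponds to the "Require password reset" option.
    iam.create_login_profile(UserName=user, Password=password, PasswordResetRequired=True)
    iam.add_user_to_group(GroupName=group, UserName=user)
    # No access key is created: the user has console access only, as in the post.
    return {"user": user, "password": password, "signin_url": url}


if __name__ == "__main__":
    import boto3  # assumption: boto3 is installed and credentials are configured

    account = boto3.client("sts").get_caller_identity()["Account"]
    result = provision(boto3.client("iam"), account, "Developers", "codersathi")
    print(result["user"], result["signin_url"])
```

Pass a narrower managed policy ARN as `policy_arn` to give the group something other than AdministratorAccess.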
Conclusion
In this post, we learned how to create an IAM user and how to log in as an IAM user.