Introduction
AWS Identity and Access Management (IAM) allows you to manage, access to AWS services and resources securely. By creating IAM users, you can provide individual access credentials to people or applications that need to interact with your AWS environment. In this guide, I’ll walk you through the process of creating an IAM user step by step.
WHO IS A USER?
A user represents a person or an entity that needs access to the cloud and also interact with AWS resources.
Why Create an IAM User?
When you first create an AWS account, you get a root user account. However, using the root account for everyday tasks poses significant security risks. IAM users are created by the AWS administrators to allow individual or application to ACCESS the AWS RESOURCES. Each user has a UNIQUE USERENAME and CREDENTIALS to authenticate to AWS
Step-by-Step Guide to Create an IAM User
NB: The steps below should be followed only after the successful creation of an AWS account
Step 1: Log in to the AWS Management Console
1. Open AWS Management Console.
2. Log in with your root account or an IAM user that has admin privileges.
Step 2: Navigate to the IAM Dashboard
1. In the AWS Console, search for “IAM” in the search bar and select IAM.
2. On the IAM dashboard, click Users in the left-hand menu.
Step 3: Add a New User
1. Click the Add users button.
2. Enter a User name for the new IAM user (e.g., developer-user).
3. Choose the Access type:
• Programmatic access: Select this if the user needs access to AWS APIs, CLI, or SDKs.
• AWS Management Console access: Select this if the user will interact with the AWS Console.
• You can select both if necessary.
For console password, you can choose to either autogenerate password or a custom password
Step 4: Set Permissions
IAM provides three options to assign permissions:
- Add user to group: If you have pre-existing groups with defined policies, you can add the user to a group (e.g., AdminGroup or ReadOnlyGroup).
2. Attach existing policies directly: Attach predefined AWS policies like AdministratorAccess or AmazonS3ReadOnlyAccess.
- Copy permissions from an existing user: Clone permissions from another IAM user.
For beginners, adding the user to a group is the simplest approach.
Step 5: (Optional) Add Tags
Tags help you organize and manage users. For example:
• Key: Department
• Value: Engineering
Adding tags is optional but recommended for better user management.
Step 6: Review and Create the User
1. Review the user details and assigned permissions.
2. Click Create user.
Step 7: Download Credentials
• After creating the user, AWS will provide an Access Key ID and Secret Access Key for programmatic access.
• Important: Download the credentials file or copy the keys. You won’t be able to view the secret key again.
Best Practices for IAM Users
1. Enable MFA (Multi-Factor Authentication): Add an extra layer of security by enabling MFA for the user.
2. Follow the Principle of Least Privilege: Grant only the permissions necessary for the user to perform their tasks.
3. Rotate Access Keys Regularly: Regularly update access keys to minimize security risks.
4. Audit and Monitor: Use AWS CloudTrail to track actions performed by IAM users.
Conclusion:
Creating an IAM user is a critical step in securing your AWS environment. By assigning specific permissions, you can ensure that users have only the access they need. Following this guide, you should now be able to create and manage IAM users confidently.