Skip to main content

Creating IAM User Accounts

What is IAM?

IAM (Identity and Access Management) is a component of AWS which manages Users, Groups, Policies, and Roles to control access permissions to your various services within your AWS environment.
Here is where you can create User accounts, add them to groups that have attached permissions to control access or create policies or roles that you can attach to trusted entities to give them access to services within your environment.  

For more details on IAM checkout this link: AWS Identity and Access Management (IAM)

In this article I will demonstrate how to create an administrator account that you can use to launch services in AWS.  In my previous post I mentioned that it is advised that you do not use your Master or Root account to perform these functions but instead use a separate Administrator account for the purpose of launching services.  The Master account should be used to manage Budgets, setup CloudWatch monitoring and consolidate child accounts under your entire Organization.  I will talk more about AWS Organizations and the uses of the Master accounts in another article soon.

Here are the steps to follow in creating an IAM Administrator account:

  1. Login to the AWS console using your Root account.  Click "Services" and then click "IAM"
  2. On the left hand side click on "Users".  Here you will see the "Add User" button.  Click on that to start the process of creating the account.
  3. On the Add User form, enter the User Name you wish to give your account and then select the type of access for it.  There are 2 choices for the Access Type,  Programmatic - (access through AWS API, CLI, SDK or other Dev tools only) or AWS Management Console - (access through Management Console only).  Choose the appropriate type depending on how this user will interact with AWS. (In this example I chose both and left the other choices on default). Click the "Next: Permissions" button to proceed.
     
  4. This will then take you to the section where you can add the user to a group in order to control it's permissions.  If you have not created any group yet there will be nothing to choose from. Check out the previous article on creating IAM Groups if you haven't created one yet. 
  5. Now select the group to add the user account to.  Then click the "Next: Review" button.
     
  6. Review the settings and then click the "Create User" button.
     
  7. You have now created the user successfully.  In this window you will see the login link to your account.  Copy that and provide it to whoever will use the account.  That will be the link to use when logging in to AWS using this user account.  You also have the option on this page to send the login instructions via email. Click "Download.csv" to download the account details on your computer. Note that for Console Access you use the Username and Password and for Programmatic Access you use the Access Key ID and Secret Access Key.  
  8. You can now login for the first time using this account.  Follow the link provided and then enter the Username and temporary password. Then click Sign in.
     
  9. If you have chosen the option to require password reset on first login you will be asked to reset the password.  Provide your new password and then confirm the password change.
  10. You have now created a User account in AIM. 
  
Next I will talk about Roles, how they are used and how to create them. So stay tuned...


    


Labels:

Comments

Post a Comment

Popular posts from this blog

Welcome!

Hello dear readers! Welcome to my blog where I present the world of cloud computing on AWS.  Here you will find information that'll help you understand what it is, where it is, and how you can use it.  This blog will include AWS facts and news, use cases and projects, guides and instructions, tips and tricks, and a whole lot more to follow as I continue to develop this site to be a one stop shop for everyone wanting to know how AWS ome AWS is. (wink.. wink...) So keep on reading through the articles to find what you want and feel free to comment on what contents you would like to see in the future.  Have a great day everyone!
Post a Comment
Read more

AWS End User Computing

The End User Computing category comprises of services which cater to Workstation Services needs.  It provides virtualized computer terminals as well as an Application Streaming service in a client-server setup. Here are the two services that are currently in this category. WorkSpaces        - Amazon Workspaces enables you to provision virtual, cloud-based Microsoft Windows desktops for your users, known as WorkSpaces.  It eliminates the need to procure and deploy hardware or install complex software.  You can quickly add or remove users as your needs change.  Users can access their virtual desktops from multiple devices or web browsers.        - Virtual terminals (VDI).  A way of having your desktop in the cloud. WorkDocs        - Amazon WorkDocs is a fully managed, secure, enterprise storage and sharing service with strong administrative controls and feedback capabilities that improve user prod...
Post a Comment
Read more

AWS Machine Learning Services

The Machine Learning Services category comprises of several services that cater to the use of machine learning technology.  The managed services make it easy for application developers to build smart and robust application that make use of ML models.   Here is a list of all the current Machine Learning services available.  Amazon SageMaker        - Build, train, and deploy machine learning models at scale.  This allows for the quickest way to get ML Models from idea to production. Amazon Comprehend        - Amazon Comprehend is a continuously-trained natural language processing service.        - It's free to try and easy to get started analyzing unstructured text like customer reviews and news articles. DeepLens        - Deep learning-enabled video cameras.  AWS DeepLens is powerful enough for experts, but designed to help developers get started quickly with litt...
Post a Comment
Read more