Skip to main content

Creating IAM User Accounts

What is IAM?

IAM (Identity and Access Management) is a component of AWS which manages Users, Groups, Policies, and Roles to control access permissions to your various services within your AWS environment.
Here is where you can create User accounts, add them to groups that have attached permissions to control access or create policies or roles that you can attach to trusted entities to give them access to services within your environment.  

For more details on IAM checkout this link: AWS Identity and Access Management (IAM)

In this article I will demonstrate how to create an administrator account that you can use to launch services in AWS.  In my previous post I mentioned that it is advised that you do not use your Master or Root account to perform these functions but instead use a separate Administrator account for the purpose of launching services.  The Master account should be used to manage Budgets, setup CloudWatch monitoring and consolidate child accounts under your entire Organization.  I will talk more about AWS Organizations and the uses of the Master accounts in another article soon.

Here are the steps to follow in creating an IAM Administrator account:

  1. Login to the AWS console using your Root account.  Click "Services" and then click "IAM"
  2. On the left hand side click on "Users".  Here you will see the "Add User" button.  Click on that to start the process of creating the account.
  3. On the Add User form, enter the User Name you wish to give your account and then select the type of access for it.  There are 2 choices for the Access Type,  Programmatic - (access through AWS API, CLI, SDK or other Dev tools only) or AWS Management Console - (access through Management Console only).  Choose the appropriate type depending on how this user will interact with AWS. (In this example I chose both and left the other choices on default). Click the "Next: Permissions" button to proceed.
     
  4. This will then take you to the section where you can add the user to a group in order to control it's permissions.  If you have not created any group yet there will be nothing to choose from. Check out the previous article on creating IAM Groups if you haven't created one yet. 
  5. Now select the group to add the user account to.  Then click the "Next: Review" button.
     
  6. Review the settings and then click the "Create User" button.
     
  7. You have now created the user successfully.  In this window you will see the login link to your account.  Copy that and provide it to whoever will use the account.  That will be the link to use when logging in to AWS using this user account.  You also have the option on this page to send the login instructions via email. Click "Download.csv" to download the account details on your computer. Note that for Console Access you use the Username and Password and for Programmatic Access you use the Access Key ID and Secret Access Key.  
  8. You can now login for the first time using this account.  Follow the link provided and then enter the Username and temporary password. Then click Sign in.
     
  9. If you have chosen the option to require password reset on first login you will be asked to reset the password.  Provide your new password and then confirm the password change.
  10. You have now created a User account in AIM. 
  
Next I will talk about Roles, how they are used and how to create them. So stay tuned...


    


Comments

Popular posts from this blog

Welcome!

Hello dear readers! Welcome to my blog where I present the world of cloud computing on AWS.  Here you will find information that'll help you understand what it is, where it is, and how you can use it.  This blog will include AWS facts and news, use cases and projects, guides and instructions, tips and tricks, and a whole lot more to follow as I continue to develop this site to be a one stop shop for everyone wanting to know how AWS ome AWS is. (wink.. wink...) So keep on reading through the articles to find what you want and feel free to comment on what contents you would like to see in the future.  Have a great day everyone!

AWS End User Computing

The End User Computing category comprises of services which cater to Workstation Services needs.  It provides virtualized computer terminals as well as an Application Streaming service in a client-server setup. Here are the two services that are currently in this category. WorkSpaces        - Amazon Workspaces enables you to provision virtual, cloud-based Microsoft Windows desktops for your users, known as WorkSpaces.  It eliminates the need to procure and deploy hardware or install complex software.  You can quickly add or remove users as your needs change.  Users can access their virtual desktops from multiple devices or web browsers.        - Virtual terminals (VDI).  A way of having your desktop in the cloud. WorkDocs        - Amazon WorkDocs is a fully managed, secure, enterprise storage and sharing service with strong administrative controls and feedback capabilities that improve user prod...

How to create an AWS free-tier account

Creating an AWS account isn't all that difficult.  This should be your 2nd step in your AWS journey.  The first being a clear familiarization of the various AWS services and their functions.  If you are not at all familiar with any of them, I would suggest you check out my previous posts which briefly discusses the various core services available in AWS then come back here to create your AWS account. When creating an AWS account you will need the following: A registered email address.   A credit card note: don't worry about fees.  creating the free tier account is totally free.  and there is a list of services that you will have free access to within their respective usage parameters.  Just be aware of these parameters as you can be charged if you go over the usage limit for the free tier account.   Now that you have the requirements available, lets begin creating your account.   First click this:  AWS Free Tier and then...