Skip to main content

Creating IAM User Accounts

What is IAM?

IAM (Identity and Access Management) is a component of AWS which manages Users, Groups, Policies, and Roles to control access permissions to your various services within your AWS environment.
Here is where you can create User accounts, add them to groups that have attached permissions to control access or create policies or roles that you can attach to trusted entities to give them access to services within your environment.  

For more details on IAM checkout this link: AWS Identity and Access Management (IAM)

In this article I will demonstrate how to create an administrator account that you can use to launch services in AWS.  In my previous post I mentioned that it is advised that you do not use your Master or Root account to perform these functions but instead use a separate Administrator account for the purpose of launching services.  The Master account should be used to manage Budgets, setup CloudWatch monitoring and consolidate child accounts under your entire Organization.  I will talk more about AWS Organizations and the uses of the Master accounts in another article soon.

Here are the steps to follow in creating an IAM Administrator account:

  1. Login to the AWS console using your Root account.  Click "Services" and then click "IAM"
  2. On the left hand side click on "Users".  Here you will see the "Add User" button.  Click on that to start the process of creating the account.
  3. On the Add User form, enter the User Name you wish to give your account and then select the type of access for it.  There are 2 choices for the Access Type,  Programmatic - (access through AWS API, CLI, SDK or other Dev tools only) or AWS Management Console - (access through Management Console only).  Choose the appropriate type depending on how this user will interact with AWS. (In this example I chose both and left the other choices on default). Click the "Next: Permissions" button to proceed.
     
  4. This will then take you to the section where you can add the user to a group in order to control it's permissions.  If you have not created any group yet there will be nothing to choose from. Check out the previous article on creating IAM Groups if you haven't created one yet. 
  5. Now select the group to add the user account to.  Then click the "Next: Review" button.
     
  6. Review the settings and then click the "Create User" button.
     
  7. You have now created the user successfully.  In this window you will see the login link to your account.  Copy that and provide it to whoever will use the account.  That will be the link to use when logging in to AWS using this user account.  You also have the option on this page to send the login instructions via email. Click "Download.csv" to download the account details on your computer. Note that for Console Access you use the Username and Password and for Programmatic Access you use the Access Key ID and Secret Access Key.  
  8. You can now login for the first time using this account.  Follow the link provided and then enter the Username and temporary password. Then click Sign in.
     
  9. If you have chosen the option to require password reset on first login you will be asked to reset the password.  Provide your new password and then confirm the password change.
  10. You have now created a User account in AIM. 
  
Next I will talk about Roles, how they are used and how to create them. So stay tuned...


    


Labels:

Comments

Post a Comment

Popular posts from this blog

AWS AR & VR Services

The AR & VR category is all about Artificial Intelligence and Virtual Reality.  At the moment, there is only one service available in this category, but nevertheless is cutting edge technology. Sumerian        - Amazon Sumerian lets you create and run virtual reality (VR), augmented reality (AR), and 3D applications quickly and easily without requiring any specialized programming or 3D graphics expertise.  With Sumerian, you can build highly immersive and interactive scenes that run on popular hardware such as Oculus Rift, HTC Vive, and iOS mobile devices (support for Android ARCore coming soon).  For example, you can build a virtual classroom that lets you train new employees around the world, or you can build a virtual environment that enables people to tour a building remotely.  Sumerian makes it easy to create all the building blocks needed to build highly immersive and interactive 3D experiences including adding objects, and designing...
Post a Comment
Read more

AWS End User Computing

The End User Computing category comprises of services which cater to Workstation Services needs.  It provides virtualized computer terminals as well as an Application Streaming service in a client-server setup. Here are the two services that are currently in this category. WorkSpaces        - Amazon Workspaces enables you to provision virtual, cloud-based Microsoft Windows desktops for your users, known as WorkSpaces.  It eliminates the need to procure and deploy hardware or install complex software.  You can quickly add or remove users as your needs change.  Users can access their virtual desktops from multiple devices or web browsers.        - Virtual terminals (VDI).  A way of having your desktop in the cloud. WorkDocs        - Amazon WorkDocs is a fully managed, secure, enterprise storage and sharing service with strong administrative controls and feedback capabilities that improve user prod...
Post a Comment
Read more

AWS IoT

The IoT or Internet of Things category is a collection of services that are specifically designed for the management and implementation of IoT technology.  These allows you to easily integrate IoT models or functions into your application. Below are the various IoT services available in this category. IoT Core        - AWS IoT provides secure, bi-directional communication between Internet-connected devices such as sensors, actuators, embedded micro-controllers, or smart appliances and the AWS Cloud. This enables you to collect telemetry data from multiple devices, and store and analyze the data. You can also create applications that enable your users to control these devices from their phones or tablets. IoT 1-Click       - AWS IoT 1-Click is a service that makes it easy for simple devices to trigger AWS Lambda functions that execute a specific action. Some examples of possible actions include calling technical support, reordering goods and ...
Post a Comment
Read more