Blog

IAM User in AWS

Steps to Create an IAM User in AWS |2024

  • Post author:
  • Post category:AWS
  • Post last modified:October 7, 2024
  • Reading time:10 mins read

It stands for Identity and Access Management and is one of the core AWS services. Its function is to help you control access to resources.

What is a resource IAM User in AWS?

Resources are the entities you create in AWS, such as an S3 bucket or an S3 object. There are countless different resources you can create, like Lambda functions or DynamoDB tables, and IAM is what allows or restricts access to those resources.

What is ROOT user and IAM user

  • When you create an AWS account, you use an email address and a password to create your root user credentials. This root user has full access to all resources and services in your AWS account.
  • Now, suppose you want to grant someone else access to your account with limited permissions. In that case, you can create an IAM user. An IAM user has their own username and password, allowing them to log into your AWS account with only the permissions you’ve granted.

how to create an IAM user AWS

  • Before proceeding, note that I’m logged in through my root account. You need to be logged in either through your root user or an IAM user with permissions to create IAM users.
  • I’m in my AWS console and will open IAM. Once you’re in the IAM console, this is what it looks like. To create a user, click on “Users” here. Since I don’t have any users created yet, I’ll click on “Create User.”

Click on “Create User” and choose a username—let’s call it “techlinux.”

  • You can decide whether to give this user management console access. If you don’t check this box, the user will only have programmatic access, meaning they can access your AWS account through SDKs or CLI. I’ll give this user console access, so I’ll check this box.
  • Next, you can choose to auto-generate the password or create a custom one. Ensure the password meets all the necessary requirements. You can also choose whether the user must create a new password when they first sign in. I’ll uncheck this option for now.

Create an IAM user permission. 

  • Next, we’ll set the user’s permissions. If you already have an IAM user group created, you can add this user to that group, automatically giving them the group’s permissions. Since I don’t have any groups created, I won’t select this option. Instead, I’ll attach policies directly to the user.

Create an IAM user policy. 

  • A policy is essentially a JSON document that defines what access the IAM user will have. If you expand a policy, you can see the JSON document that outlines the permissions.
  • I’ll attach the “AmazonS3FullAccess” policy to this user so that they can only access S3. I’ll ignore the permissions boundary.
  • After reviewing the settings, click “Create User.” Once the user is created, you can also email the sign-in instructions to them.
  • Now, let’s log in with this user’s credentials to see what permissions they have. I’ll open a new window, enter the sign-in URL, and log in as techlinux using the credentials we just created.

Verifying IAM User Access

  • If you see, we’ve logged in as Techlinux. Let’s try to access EC2. Since we didn’t grant this user any EC2 permissions, we get an error saying they’re not authorized to perform this operation.
  • However, if we go to S3, where we granted full access, we can see the buckets and perform actions like downloading files.

how you create IAM users, grant them specific access, and use their credentials to log into your AWS account. This was a basic overview of creating an IAM user.

See Also:

Amazon.com

techlinux.in

I’m a DevOps engineer with 8 years of experience in automation and cloud infrastructure. I’m passionate about optimizing software delivery and love sharing practical DevOps tips.Outside of work, I enjoy hiking, cooking, and contributing to open-source projects.Thanks for visiting my blog