Getting Started With IAM
Creating Your First IAM Admin User & User Group
As we all know, we must not use the AWS account root user when it's not necessary, instead a new IAM user should be created for everyone who needs an administrator access. After that these users will be made Administrators by simple putting them into an "Administrators" user group attached with an AdministratorAccess policy.
Now these users can set up the user groups, users, etc. for the AWS account to help with all the future interactions via their own keys not via root user. However, you will still require to login via root user credentials for certain accounts and service management tasks.
Creating an Administrator IAM User & User Group (Console)
In order to do so, you will have to follow these steps:
- Sign in to the IAM console via root user and insert your AWS account email address and password.
- Now, enable access to the billing data for the IAM admin user that can be created as follows:
- Select you account name and account on the navigation bar.
- Choose Edit present next to the IAM User and Role Access to Billing Information. However, you must be signed in as the root user for this one to appear on screen.
- After that you can Activate IAM Access and select Update.
- Now, you can choose Services and then IAM under Security, Identity, & Compliance to go back to the IAM console on the navigation bar.
- Choose users and Add users on the navigation pane.
- Perform the following tasks on the Details page:
- Type Administrator for User name.
- Choose AWS Management Console Access, Custom Password, and then type your new password in the text box.
- As by default, AWS insists the new user to create a new password for first sign in, you can also choose to clear the check box next to User must create a new password at next sign-in to permit the new user to reset their password after signing in.
- Choose Next:Permissions.
- Perform the following tasks on the Permissions page:
- Select Add User to Group.
- Choose Create Group.
- Now type Administrators in the Create Group dialog box for the Group name.
- Select the AdministratorAccess policy.
- Choose Create Group.
- Select your new user group on the page having a list of user groups.
- Select Next:Tags.
- Now add metadata to the user by attaching tags as key-value pairs. (optional)
- Select Next:Review, verify the User Group Memberships, and then choose Create User.
- You can also download a .csv file on the Complete Page, along with the login information for the user or send email having login instruction to the user.
This same process can also be used to create more user groups in order to give the users access to your AWS account resources.
Creating an IAM User & User Group (AWS CLI)
Performing the following tasks will help you in achieving the goal:
- Create a user group and give it a name (like Admins).
- Now attach a policy that can offer user group administrative permissions like access to all the AWS actions and resources.
- Finally, add at least one user to the user group.
Comments
Post a Comment