Managing IAM Users (part 1)
To read part 2, please click here
View User Access
Before you change or remove a user's access, review that user's recent service-level activity. Otherwise you might remove access from a principal (a person or an application) that is still using it.
Listing IAM Users
You can easily list the IAM users in your AWS account or in a specific IAM user group, and list all the user groups that a user is in, as described below.
To list all the users in the account
- AWS Management Console: choose Users in the navigation pane. The console shows the users in your AWS account.
- AWS CLI: aws iam list-users.
- AWS API: ListUsers.
To list the users in a specific group
- AWS Management Console: in the navigation pane, choose User groups, choose the name of the group, and then choose the Users tab.
- AWS CLI: aws iam get-group.
- AWS API: GetGroup.
To list all the user groups that a user is in
- AWS Management Console: in the navigation pane, choose Users, choose the user name, and then choose the Groups tab.
- AWS CLI: aws iam list-groups-for-user.
- AWS API: ListGroupsForUser.
Renaming an IAM User
The console has no option for changing a user's name or path, so you must use the AWS CLI, Tools for Windows PowerShell, or the AWS API. The change has the following effects:
- All the policies attached to the user stay with the user under the new name.
- The user stays in the same user groups under the new name.
- The unique ID for the user remains the same.
- All resource or role policies that refer to the user as a principal are automatically updated to use the new name or path. However, this does not happen for policies that refer to the user as a resource; those must be updated manually.
To rename a user
- AWS CLI: aws iam update-user.
- AWS API: UpdateUser.
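Because policies that refer to the user as a resource are not updated by the rename, it helps to find them before running update-user. The following is an added example, not part of the original article: it scans policy documents for Resource patterns that match the user's old ARN but not the new one. The account ID, user names, paths, policy names and the function name stale_resource_refs are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

def as_list(value):
    """IAM allows a single item or a list for Statement and Resource."""
    return value if isinstance(value, list) else [value]

def stale_resource_refs(policies, old_arn, new_arn):
    """Return (policy_name, sid, pattern) for each Resource pattern that
    matches the user's old ARN but would no longer match the new one."""
    findings = []
    for name, doc in policies.items():
        for stmt in as_list(doc.get("Statement", [])):
            for pattern in as_list(stmt.get("Resource", [])):
                # IAM wildcards * and ? map onto fnmatch; policy variables
                # such as ${aws:username} are not resolved here (assumption).
                if fnmatchcase(old_arn, pattern) and not fnmatchcase(new_arn, pattern):
                    findings.append((name, stmt.get("Sid", "<no Sid>"), pattern))
    return findings

# Constructed sample policies (account ID, names and Sids are made up).
POLICIES = {
    "ManageOwnKeys": json.loads("""{
      "Version": "2012-10-17",
      "Statement": {"Sid": "RotateKeys", "Effect": "Allow",
        "Action": ["iam:CreateAccessKey", "iam:DeleteAccessKey"],
        "Resource": "arn:aws:iam::111122223333:user/dev/alice"}}"""),
    "HelpdeskReset": json.loads("""{
      "Version": "2012-10-17",
      "Statement": [
        {"Sid": "ResetDev", "Effect": "Allow",
         "Action": "iam:UpdateLoginProfile",
         "Resource": ["arn:aws:iam::111122223333:user/dev/*"]},
        {"Sid": "ListAll", "Effect": "Allow",
         "Action": "iam:ListUsers", "Resource": "*"}]}"""),
}

# Constructed rename: both the path and the user name change.
OLD = "arn:aws:iam::111122223333:user/dev/alice"
NEW = "arn:aws:iam::111122223333:user/ops/alice.smith"

if __name__ == "__main__":
    for policy, sid, pattern in stale_resource_refs(POLICIES, OLD, NEW):
        print(f"{policy} [{sid}]: update Resource {pattern}")
```

A pattern such as "*" still covers the renamed user and is not reported, while a path-scoped wildcard like user/dev/* is reported when the path changes.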