Hi folks, In this article will give you step by step guide on how to create an AWS IAM user with the help of the example and screenshots so that you can create an IAM user easily.
If you are learning AWS for the first time, Then You must have knowledge about AWS IAM because it is one of the most implemented services in AWS cloud computing. To interact with AWS services you must have an AWS IAM user because it is highly recommended by AWS Itself.
Headings of Contents
- 1 What is AWS ( Amazon Web Services )?
- 2 What is IAM ( Identity Access Management )?
- 3 What is AWS IAM User?
- 4 When you create an IAM user, IAM identifies that user in these ways
- 5 IAM Users and Credentials
- 6 AWS IAM Users and Permission
- 7 Step By Step Guide to Creating an AWS IAM User?
- 8 How do IAM Users Sign in to AWS?
- 9 Generating Access key and Secret key for AWS IAM Users.
- 10 Summary
What is AWS ( Amazon Web Services )?
AWS stands for Amazon Web Services. It is one of the world’s most popular, comprehensive, and Broadly adopted cloud computing platforms. It is used by millions of growing startups, the largest enterprises, and many government agencies to grow their business and productivity.AWS ( Amazon Web Services ) comes with over 200 services with data centers available globally.
AWS Offers a free tier account for 12 months to explore and use many services. To create an IAM user, You should have a root user account. I am assuming, You have a root user account that’s why you came here to create an AWS IAM user.
👉 Create AWS Free Tier Account:- Click Here
What is IAM ( Identity Access Management )?
AWS IAM stands for Identity Access Management. IAM is a web service that allows us to control access to AWS resources. With the help of the AWS IAM, You can control the permission for which AWS services should be used by which users.
You can use IAM to control who is authenticated ( Signed in ) and authorized ( Has permission ) to access the specific AWS services.
When we create an AWS account for the first time, we begin with one sign-in identity that has access to all the AWS services and resources. That identity is called the AWS root user account.
An AWS root user always log-in with the email and password that we use to create an AWS account. AWS doesn’t recommend we, To use the AWS root user account for everyday tasks.
AWS always recommends safe root user credentials and use only for those tasks that are only performed by the AWS root user.
👉 Click Here to knwo about AWS IAM
What is AWS IAM User?
AWS IAM user is an identity within an AWS account that has specific permissions for a person or application. AN IAM user has an associated name, password, and permissions. An IAM user can use credentials to make AWS requests.
Some important points about AWS IAM users have been given below.
- An IAM user with administration permission is not the same thing as an AWS root user account.
- Each IAM user is associated with one and only one AWS account Because an IAM user is defined as an AWS account. Any AWS activity performed by the IAM users in your account is billed to your account.
- The name of the AWS IAM users must be alphanumeric including characters like plus (+), Equal (=), comma (,), period (.), at(@), and underscore(_).
- AWS IAM Users are case insensitive meaning user Admin and ADMIN are the same thing.
- AN AWS IAM user cab is a member of only 10 Groups.
- A total of 50 tags can be attached to an IAM user.
- A total of 5000 IAM users can be created in an AWS Account.
- The maximum characters of the AWS IAM user name should not be greater than 64.
👉 Know More about AWS IAM user:- Click User
When you create an IAM user, IAM identifies that user in these ways
- A friendly name for the AWS IAM user. which is a readable name that you specified when you created an IAM user such as Vishvajit or John, etc.
- An ARN ( Amazon Resource Name ) for the AWS IAM user. You can always use ARN when you need to identify the AWS IAM user across all the AWS. For example, You could use an ARN to specify the IAM user as a Principle in an IAM policy for an S3 bucket. AN ARN for an AWS IAM user might look like this.
- A Unique identifier for the AWS IAM user. You will get this id when you will use API, Tools for Windows PowerShell, and AWS CLI to create a new IAM User. This id will not show in AWS Management Console.
IAM Users and Credentials
You can access an AWS account in different ways depending on the credentials of the IAM user.
- Console Password:- A password that can be used by the IAM user to sign in to the console or AWS Management Console. You can disable the password for IAM Users which will prevent an IAM user from login into AWS Management Console.
- Access key:- Access key is mainly used to make programming access or request. Suppose you want to use any SDK or AWS CLI then you will be a requirement to access the key and secret key.
AWS IAM Users and Permission
By Default, A new AWS IAM user has no permission to do anything. They are not authorized to perform any operations or to access any AWS resources.
Advantages of having individual IAM users assign the permissions individually. You might assign administrative permissions to a few users to perform administrative tasks so that They can manage IAM users. However, You can limit the permissions of the users to just tasks and resources that are required for a job.
For example. You can create an IAM user along with a password so that they can launch AWS Management Console. You can attach a policy to create an S3 bucket only.
let’s see a complete step-by-step guide to creating an AWS IAM user.
Step By Step Guide to Creating an AWS IAM User?
Follow the below-given steps to create a new IAM user.
- To create an AWS IAM user, You have to log in as a root user into AWS Management Console. Click Here to log in.
- Search for IAM in the above search box and click on IAM as follows.
- Now a Users option will be displayed on the left side underneath ‘Access management‘, Just click on that Users.
- Click on Add users.
- Now, A Window will display to enter IAM user details. Please follow the given steps.
- Specify the AWS IAM username.
- Check the Enable console access – optional checkbox, so that the user can easily login into AWS Management Console.
- Click on Custom password, and Enter the password as your wish.
- Click on Next.
- Next, AWS will ask you to attach permission to this user, Click Attach policies directly. Search IAM in the search box and choose “IAMFullAccess” permission.
IAMFullAccess:- This permission gives full access to this user to create another AWS IAM user and manage them. You can choose another policy as per your requirement.
Now click on Next.
- Again, A window will display where all the details will be shown that you have filled in the above steps, If everything is correct then click on Create user otherwise you can go previous just by clicking on the Previous button and correcting them.
- Now, click on the Download .csv file to download IAM user credentials such as login URL, username, and console password. To login into AWS Management Console, navigate to the URL that is mentioned in a downloaded CSV file and enter your username and password.
How do IAM Users Sign in to AWS?
After creating of AWS IAM user, You have to login into the AWS Management console. To log in, you need to provide an account id or alias along with a username and password.
As we have seen earlier in the above Steps for the creation of an AWS IAM user. After creating of AWS IAM user, AWS provides use a CSV file that contains the Login URL and username and password of created user.
The login URL looks something like below.
In the above URL, My_AWS_Account_ID represents the account id of the AWS account. This will be replaced with your AWS account id. When you will visit this URL, You don’t need to enter your account id manually, you just need to enter your username and password.
You can sign in with the following URL, but here you will have to enter your account id manually.
When you will log in the first time to the AWS management console, you will have to change the password that you provided during the creation of the IAM user.
You will see a password change form like this, Fill in your old password and the new password, and again fill new password to be confirmed, and then click on Confirm password change.
You have to remember one thing here, This user is only capable of login into AWS Management Console rather than making a programmatic request but being a developer we want to use this IAM user to make programmatic requests using AWS CLI and Python boto3 library. To make a programming request by using this use, We will have to create a secret key and access key.
Generating Access key and Secret key for AWS IAM Users.
You can follow the below steps to create a programmatic request.
- Click on the IAM user name that you have created above under the Users section. I am assuming, You have logged in through the root user, like above.
- Click on security credentials.
- Click on Create access key.
- Choose the Command line interface, check the below checkbox, and then click on Next.
- You can provide the description for this access key however this is optional, You can omit it and finally click on Create access key.
- Now, the access key and secret key have been created, Click on the Download .csv file to save your AWS IAM username access key and secret key.
Now you have successfully created an AWS IAM user with AWS Management console and programmatic access. You can use this secret key and access key to make a programmatic request using AWS CLI and AWS SDKs.
In this article, we have successfully seen all about how to create an AWS IAM user to log in to the AWS Management Console as well as make programmatic requests.
The meaning of programmatic request is, AWS service can download, configure, and control AWS Services by using AWS CLI ( AWS Command Line Interface ) and AWS SDKs like Boto3 library to use AWS services.
Please don’t use the AWS root user account for everyday tasks because Officially, AWS recommends we, Always use the AWS IAM user for daily tasks rather than the AWS root user and safeguard your AWS root user credentials for tasks who only performed by the root user.
If you found this article helpful, please share and keep visiting for further AWS tutorials.
Have a nice day….