AWS : Identity and Access Management (IAM) – Add User
August 5, 2018
AWS IAM (Identity and Access Management) lets you securely manage access to AWS services and resources. Once you have created services or resources in AWS, you can use IAM to give users access to them. With IAM you can create and manage AWS users and groups, and assign permissions that allow or deny their access to AWS services and resources.
Why do we need to create IAM users? Mainly for security. It is not a good idea to give full access to AWS services and resources; to restrict access, create users and grant them limited permissions. For example, if you give users read-only access, they cannot change AWS services and resources; they can only view the details.
In this article, I explain how to create a user and give that user permission to access the EC2 instance that we created in an earlier article.
Step 1. Go to the IAM Management Console and click the Add User button. The console opens the “Add User” page, where you create users.
Step 2. On the “Add User” page, enter the user name in the User name field. Select “Programmatic access” in the Access type field. Click the Next button to set the user's permissions.
Step 3. On the “Set permissions” page, create a group by clicking the Create group button under “Add user to group”. The console opens the “Create group” window, where you create groups.
Groups let you organize users by job function, AWS service access and so on. For example, if you want to give full access to several users, you can create a group named Administrators, add the users to it, and grant full permissions to the Administrators group, so that all of its users get full access. This way you avoid assigning the same permissions to each user individually, and group-level permissions save a lot of time.
Step 4. In the “Create group” window, enter the name of the group in the Group name field. Now select the policies for the group. I would like to give the group read-only access, so select the ReadOnlyAccess policy and click the Create group button.
Step 5. Once the group is created, click the Next button to review your choices. If you want to change anything, press the Previous button to go back to the earlier screens and make the changes. Once done, click the “Create user” button to create the user.
Step 6. Once the user is created, you will see a Success message. The most important thing here is the key details that IAM creates for the user: the Access key ID and the Secret access key. You must save (download) these details by clicking the “Download .csv” button.
Click the Show link to see the “Secret access key”. You must note down these details, or download them and save them in a secure place. You are allowed to see the “Secret access key” only when the user is created. YOU ARE NEVER ALLOWED TO SEE THE Secret access key AT A LATER TIME. So the only option is to download these details for future use. If you forget to note down or download these details, YOU WILL NEVER GET THEM AGAIN. You have to re-create the user, note down the new details, and replace the old key details with the new key details for the user wherever required.
Also note down the URL for connecting to the IAM Management Console.
Step 7. You will see the created user name under Users.
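Step 6 says to keep the downloaded key details in a secure place. As an added example (not code from the original article), this Python code reads the downloaded .csv and stores the key pair as a profile in an AWS credentials file that only its owner can read. The column names, the profile name `readonly-user` and the sample values are assumptions constructed for illustration.

```python
import configparser
import csv
import io
import os

# Constructed sample of the downloaded file. The column names are an assumption
# about the console's export; the key pair is AWS's published documentation example.
SAMPLE_CSV = (
    "User name,Password,Access key ID,Secret access key,Console login link\n"
    "demo-user,,AKIAIOSFODNN7EXAMPLE,wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY,"
    "https://123456789012.signin.aws.amazon.com/console\n"
)


def read_key_pair(csv_text):
    """Return (access_key_id, secret_access_key) from the first data row."""
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))  # drop a BOM
    row = next(reader, None) or {}
    key_id = (row.get("Access key ID") or "").strip()
    secret = (row.get("Secret access key") or "").strip()
    if not key_id or not secret:
        raise ValueError("CSV has no 'Access key ID' / 'Secret access key' values")
    return key_id, secret


def store_profile(csv_text, profile, cred_path):
    """Add the key pair to a credentials file that only its owner can read."""
    key_id, secret = read_key_pair(csv_text)
    config = configparser.RawConfigParser()  # raw: no '%' interpolation of secrets
    config.read(cred_path)  # keep profiles already in the file
    if config.has_section(profile):
        raise ValueError(f"profile {profile!r} already exists; not overwriting it")
    config[profile] = {"aws_access_key_id": key_id, "aws_secret_access_key": secret}
    # Create the file as 0600 so the secret is never readable by other users.
    fd = os.open(cred_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        config.write(handle)
    os.chmod(cred_path, 0o600)  # also tighten a file that already existed
    return key_id


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "credentials")
        print(store_profile(SAMPLE_CSV, "readonly-user", path))
        print(oct(os.stat(path).st_mode & 0o777))
```

To use it on a real download, pass the text of the .csv and the path `~/.aws/credentials` (expanded with `os.path.expanduser`), then remove the downloaded .csv so the secret exists in one place only.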
Now we have the IAM user created, with read-only access. What next? Let's try to access AWS services and resources using the user's details.
I will explain this in my next Article.
Always give your feedback through the comments below.