AWS : Identity and Access Management (IAM) – Add User

AWS IAM – Identity and Access Management – lets you securely manage access to AWS services and resources. Once you have created services or resources in AWS, you use IAM to give users access to them. With IAM you create and manage IAM Users & Groups and attach permissions to them that allow or deny access to AWS services or resources.

Why do we need to create IAM Users? Mainly for security. It is not a good idea to give everyone full access to AWS services & resources; to restrict this, create separate Users and grant each of them only the access they need. For example, if you give read-only access to a User, that User cannot change AWS services & resources; they can only view the details.

In this Article, I am going to explain how to create a User and give that User permission to access the EC2 Instance we created in our earlier Article.

Step 1. Go to the IAM Management Console and click on the Add User button. The IAM Management Console will open the “Add User” page to allow you to create Users.

AWS - IAM Management Console - Users

Step 2. On the “Add User” page, provide the user name in the User name field. Select “Programmatic access” for the Access type field. Click on the Next button to set the permissions for the User.

AWS - IAM - Add User

Step 3. Under “Set permissions”, create a group by clicking the Create group button, which is under “Add user to group”. The IAM Management Console will open the “Create group” window to allow you to create groups.

Groups are useful for grouping Users by their job function, the AWS services they need to access, and so on. For example, if you want to give Full Access to a set of Users, you can create a group named Administrators, add the users to the Administrators group and grant full permissions to the group, so that all of its Users get Full Access. This way you avoid assigning the same permissions to individual users one by one, and group-level permissions save a lot of time.

AWS : IAM - Add User - Set Permissions

Step 4. In the “Create group” window, provide the name of the group in the Group name field. Now select the policies for the Group. I would like to give read-only access to the Group, so select the ReadOnlyAccess policy and click on the Create group button.

AWS : IAM - Create group

Step 5. Once the group is created, click on the Next button to review your choices. If you want to change anything, press the Previous button to go back to the previous screens and make the changes. Once done, click on the “Create user” button to create the User.

Step 6. You will see a Success message once the user is created. The most important thing here is the key details that IAM creates for the User: the Access key ID & Secret access key. You must save (download) these details by clicking the “Download .csv” button.

Click on the Show link to see the “Secret access key”. You must note down these details, or download them and save them in a secure place. You are allowed to see the “Secret access key” only at the time the User is created. YOU ARE NEVER ALLOWED TO SEE THE Secret access key AT A LATER TIME. So the only option is to download these details for future use. If you forget to note down or download these details, YOU WILL NEVER GET THEM AGAIN. You will have to re-create the User (or its access key) and note down the new details, then replace the old key details with the new ones wherever the User's keys are used.

Also note down the URL for connecting to the IAM Management Console.

AWS : IAM - Add User - Success
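Since the downloaded .csv is the only copy of the secret access key, the next practical question is how to store it without leaving it world-readable. The script below is an added example (not part of the original article or of any AWS tool): it parses the downloaded credentials file into a named profile in the AWS CLI credentials format and writes it with owner-only permissions, refusing to overwrite an existing file. The column headers and the key values are assumptions and constructed placeholders, not real AWS credentials.

```python
import csv
import io
import os
import stat
from pathlib import Path

# Header row of the credentials file downloaded in Step 6. Assumption:
# a programmatic-access-only user gets exactly these three columns.
USER_COL = "User name"
KEY_ID_COL = "Access key ID"
SECRET_COL = "Secret access key"


def parse_credentials_csv(text: str) -> dict:
    """Return {user, access_key_id, secret_access_key} from the downloaded CSV."""
    rows = list(csv.DictReader(io.StringIO(text)))
    if len(rows) != 1:
        raise ValueError(f"expected exactly one user row, got {len(rows)}")
    row = rows[0]
    missing = [c for c in (USER_COL, KEY_ID_COL, SECRET_COL) if not row.get(c)]
    if missing:
        raise ValueError(f"credentials file is missing columns: {missing}")
    return {
        "user": row[USER_COL],
        "access_key_id": row[KEY_ID_COL],
        "secret_access_key": row[SECRET_COL],
    }


def render_profile(profile: str, creds: dict) -> str:
    """Render one named profile section in ~/.aws/credentials INI format."""
    return (
        f"[{profile}]\n"
        f"aws_access_key_id = {creds['access_key_id']}\n"
        f"aws_secret_access_key = {creds['secret_access_key']}\n"
    )


def write_credentials_file(path: Path, profile: str, creds: dict) -> int:
    """Create path with mode 0600 (O_EXCL: never clobber); return the mode bits."""
    path.parent.mkdir(parents=True, exist_ok=True)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(render_profile(profile, creds))
    return stat.S_IMODE(path.stat().st_mode)


# Constructed sample input: placeholder values, not real AWS keys.
SAMPLE_CSV = (
    "User name,Access key ID,Secret access key\n"
    "ec2-readonly,AKIAEXAMPLEKEYID0001,EXAMPLESECRETplaceholder/0000000000000\n"
)
```

The resulting profile is selected with `--profile <name>` on the AWS CLI, so the read-only key never has to be pasted on a command line or into a shell history.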

Step 7. You will see the newly created user name under Users.

Now we have an IAM User created with read-only access. What next? Let's try to access AWS services & resources using this User's details.

I will explain this in my next Article.

Please give your feedback in the Comments below.

[..] David
