AWS IAM (Identity and Access Management) lets you securely manage access to AWS services and resources. Once you have created services or resources in AWS, you can grant access to them to Users through IAM. With IAM you can create and manage AWS Users and Groups, and attach permissions to them that allow or deny access to AWS services or resources.
Why do we need to create IAM Users? Mainly for security. It is not a good idea to give everyone full access to AWS services and resources; instead, create Users and grant each of them only the restricted access they need. For example, if you give read-only access to a User, that User cannot change AWS services or resources; they are only allowed to view the details.
In this article, I am going to explain how to create a User and give that User permissions to access the EC2 Instance which we created in our earlier article.
Step 1. Go to the IAM Management Console and click the Add User button. The IAM Management Console opens the “Add User” page, where you create Users.
Step 2. On the “Add User” page, enter the user name in the User name field. Select “Programmatic access” as the Access type. Click Next to set the permissions for the User.
Step 3. Under “Set permissions”, create a group by clicking the Create group button under “Add user to group”. The IAM Management Console opens the “Create group” window, where you create groups.
Groups are useful for grouping Users by job function, AWS service access, etc. For example, if you want to give Full Access to a set of Users, create a group named Administrators, add those users to the Administrators group, and grant full permissions to the group, so that all of its Users get Full Access. This way you avoid granting the same permissions to each user individually, and Group-level permissions save a lot of time.
Step 4. In the “Create group” window, enter the name of the group in the Group name field. Now select the policies for the Group. I would like to give read-only access to the Group, so select the ReadOnlyAccess policy and click the Create group button.
Step 5. Once the group is created, click Next to review your choices. If you want to modify anything, press the Previous button to go back to the previous screens and make the changes. Once done, click the “Create user” button to create the User.
Step 6. You will see a Success message once the user is created. The most important part of this page is the key details that IAM creates for the User: the Access key ID and the Secret access key. You must save (download) these details by clicking the “Download .csv” button.
Click the Show link to see the “Secret access key”. You must note down these details, or download and save them, in a secure place. You are only able to see the “Secret access key” at the moment the User is created. YOU ARE NEVER ALLOWED TO SEE THE Secret access key AT A LATER TIME. So the only option is to download these details for future use. If you forget to note down or download these details, YOU WILL NEVER GET THEM AGAIN. You will have to re-create the User (or its access key), note down the new details, and replace the old key details with the new ones wherever the User's key is in use.
Also note down the URL used to sign in to the IAM Management Console.
Step 7. You will see the created user name under Users.
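The read-only group created in Steps 3 and 4 is what actually limits the User. The following added example (my own Python, not code from the article or from AWS) models how IAM works out a user's effective permissions through group membership: implicit deny by default, an explicit Allow is required, and an explicit Deny always wins. The policy document, the `readers` group and the `alice` user are constructed placeholders; the policy is a small excerpt in the shape of a managed policy, not the real ReadOnlyAccess policy.

```python
from fnmatch import fnmatchcase

# Constructed excerpt in the shape of an AWS managed policy (not the real
# ReadOnlyAccess policy): read-only statements plus one explicit Deny,
# included to show that Deny overrides Allow.
READ_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:Describe*", "s3:Get*", "s3:List*"],
         "Resource": "*"},
        {"Effect": "Deny", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::secrets-bucket/*"},
    ],
}

# Group membership as in the article: the user has no policies of its own
# and inherits everything from the group (hypothetical names).
GROUPS = {"readers": [READ_ONLY_POLICY]}
USERS = {"alice": {"groups": ["readers"], "policies": []}}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(statement, action, resource):
    # Action and Resource patterns use '*' wildcards; action names are
    # compared case-insensitively, ARNs exactly.
    actions = [a.lower() for a in _as_list(statement["Action"])]
    resources = _as_list(statement["Resource"])
    return (any(fnmatchcase(action.lower(), a) for a in actions)
            and any(fnmatchcase(resource, r) for r in resources))


def is_allowed(user, action, resource="*"):
    """Evaluate the user's own policies plus those of every group it belongs to."""
    policies = list(USERS[user]["policies"])
    for group in USERS[user]["groups"]:
        policies.extend(GROUPS[group])
    allowed = False
    for policy in policies:
        for statement in policy["Statement"]:
            if _matches(statement, action, resource):
                if statement["Effect"] == "Deny":
                    return False  # explicit Deny always wins
                allowed = True
    return allowed  # implicit deny when no statement allowed the action


if __name__ == "__main__":
    for act in ["ec2:DescribeInstances", "ec2:TerminateInstances", "s3:GetObject"]:
        print(f"{act:24} -> {'allowed' if is_allowed('alice', act) else 'denied'}")
```

Running it shows that `alice` can describe EC2 instances but not terminate them, which is exactly the read-only behaviour the article wants from the group.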
Now we have the IAM User created with read-only access. What next? Let's try to access AWS services and resources using the User's details.
I will explain this in my next article.
Please give your feedback through the comments below.