create an iam user in aws
15 Jan 2020

How to Create an IAM User in AWS?

Identity and Access Management (IAM)

Create an IAM User in AWS: If you sign in with the email address and password you used to open the account, you are signed in as the root user. The root user has unrestricted access that no IAM policy can limit, so it should not be used for day-to-day work. The team members who work with you on AWS need their own identities, each granted access to only the services they require. That is what IAM users, groups and policies are for.

Here we are going to create the IAM users listed below:

Emp. No.   Name      Role               Authorities              Emergency contact no.
0001       Sam       Project Admin      Full Admin Access        1234567890
0002       Navin     Storage admin      S3 bucket full access    1234567890
0003       Bhavesh   Storage admin      S3 bucket full access    1234567890
0004       Kamal     Accountant         Billing Access           1234567890
0005       Roni      Accountant         Billing Access           1234567890
0006       Rohan     Storage Security   Read Access for S3       1234567890


  • Assign proper tags to each user for identification.
  • Activate MFA for the root account.
  • Create a strong password policy.
  • Create an account alias for the IAM sign-in URL.

Create an IAM user in AWS

1.1 Sign in to the AWS console as the root user, i.e. with your account email address and password.

      You will see the console home page.


1.2 Click on Services and select IAM under Security, Identity, & Compliance, or type IAM into the search box.


1.3 After clicking on IAM you land in the IAM console. Its dashboard shows a Security status checklist; at this point most of the recommended items are still pending, and the rest of this lab works through them.

1.4 Click on Users to add a new IAM user.

1.5 Click on the Add user button.

1.6 User name: Sam

1.7 Select Programmatic access. This creates an access key ID and secret access key for CLI and API use.

1.8 Select AWS Management Console access.

1.9 Console password: Autogenerated password. Leave "Require password reset" ticked so that Sam must change it at first sign-in.

1.10 Leave the other options at their defaults.

1.11 Click on Next: Permissions.

1.12 Click on Attach existing policies directly.

1.13 Select AdministratorAccess.

1.14 Click on Next: Tags.

1.15 Add tags as follows:

EmpNo   Role            Authorities         EmergencyContact
0001    Project Admin   Full Admin Access   1234567890

1.16 Click on Next: Review.

1.17 Review the settings and click on Create user.

1.18 Click on the Show link under Secret access key; the Access key ID is displayed next to it.

Copy both to a safe place or download the CSV file. This is the only time the secret access key is displayed; if you lose it you must create a new key. Bear in mind that this key is a long-lived credential with full administrator rights: create it only if Sam really needs CLI or API access, and otherwise give console access (with MFA) alone.

As per the scenario, there are two storage admins and two accountants. Instead of creating each user and attaching policies to each one individually, create a group, attach the policy to the group, and add the users to that group. Permissions are then managed in one place, and a user who changes role is simply moved between groups.

Create IAM Group

Create two groups:

  • StorageAdmin
  • Accountant

1.1 Go to the IAM dashboard and click on Groups.

1.2 Click on Create New Group.

1.3 Group name: StorageAdmin

1.4 Click on Next Step.

1.5 Search for S3 in the policy search box.

1.6 Select AmazonS3FullAccess.

1.7 Click on Next Step.

1.8 Click on Create Group.

1.9 In the same way, create a group named Accountant and attach the AWS managed policy named Billing. Note that IAM users cannot see billing data, even with this policy, until the root user enables "IAM user and role access to Billing information" on the account settings page, so do that as root before the accountants sign in.


Add the new users to the groups

2.1 On the IAM dashboard, click on Users.

2.2 Click on Add user.

2.3 User name: Navin

2.4 Click on Add another user.

2.5 User name: Bhavesh

2.6 Access type: AWS Management Console access only. The storage admins work from the console, so no access keys are created for them.

2.7 Leave the rest at the defaults.

2.8 Click on Next: Permissions.

2.9 Select Add user to group and tick the StorageAdmin group.

3.0 Click on Next: Tags and give the following tags. Tags entered in the wizard apply to every user in the batch, so set the EmpNo tag on each user afterwards from the user's Tags tab.

EmpNo   Role            Authorities             EmergencyContact
0002    Storage admin   S3 bucket full access   1234567890
0003    Storage admin   S3 bucket full access   1234567890

3.1 In the same way, create the two users Kamal and Roni in the Accountant group, with console access only, and provide the following tags:

Name    EmpNo   Role         Authorities      EmergencyContact
Kamal   0004    Accountant   Billing Access   1234567890
Roni    0005    Accountant   Billing Access   1234567890

After doing all this, the Users page lists Sam, Navin, Bhavesh, Kamal and Roni together with their groups.


Create an IAM Policy

Add a user named Rohan and attach a policy that gives read-only access to S3.

AWS does ship a managed policy for this (AmazonS3ReadOnlyAccess), but here we build our own customer managed policy in the visual editor, which is what you will do whenever no managed policy matches the access you need. The policy is created first and then attached to the user.

3.1 Click on Policies under the IAM dashboard.

3.2 Click on Create policy.

3.3 In the visual editor, click on Choose a service next to Service.

3.4 Type s3 in the search box and select S3 from the results.

3.5 In the Actions section, tick List and Read under Access level. Leave the other access levels (Write, Permissions management, Tagging) unticked, so that Rohan cannot create, change or delete objects or bucket policies.

3.6 Under Resources, choose All resources. For a real account, list the specific bucket and object ARNs instead; All resources grants read access to every bucket in the account.

3.7 Click on Review policy.

3.8 Name it S3-ReadAccess and click on Create policy.

3.9 Create the user Rohan with console access, choose Attach existing policies directly, select S3-ReadAccess, and give proper tags:

Emp. No.   Name    Role               Authorities          Emergency contact no.
0006       Rohan   Storage Security   Read Access for S3   1234567890
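Everything from creating Sam through the S3-ReadAccess policy can be scripted instead of clicked. The script below is an added example written for this page, not the page's own procedure or anything published by AWS. It assumes the AWS CLI v2 is installed and configured with credentials allowed to manage IAM, that ACCOUNT_ID holds your 12-digit account id and INITIAL_PASSWORD a one-time console password, and that setting AWS_CLI=echo prints the commands instead of running them (a dry run). The s3:Get*/s3:List* wildcards are an approximation of the visual editor's List and Read access levels.

```sh
#!/bin/sh
# Added example (not from the original page): the user, group and policy setup
# above, done with the AWS CLI v2 instead of the console.
# Assumptions: aws CLI configured with credentials that may manage IAM;
# ACCOUNT_ID = your 12-digit account id; INITIAL_PASSWORD = a one-time console
# password; AWS_CLI=echo prints the commands instead of running them.
set -eu

AWS_CLI="${AWS_CLI:-aws}"
ADMIN_POLICY_ARN="arn:aws:iam::aws:policy/AdministratorAccess"
S3_FULL_POLICY_ARN="arn:aws:iam::aws:policy/AmazonS3FullAccess"
BILLING_POLICY_ARN="arn:aws:iam::aws:policy/job-function/Billing"

# Create a console user with identification tags. The one-time password must be
# changed at first sign-in (--password-reset-required).
# Arguments: name empno role authorities contact
create_console_user() {
  "$AWS_CLI" iam create-user --user-name "$1" \
    --tags "Key=EmpNo,Value=$2" "Key=Role,Value=$3" \
           "Key=Authorities,Value=$4" "Key=EmergencyContact,Value=$5"
  "$AWS_CLI" iam create-login-profile --user-name "$1" \
    --password "${INITIAL_PASSWORD:?set INITIAL_PASSWORD to a one-time password}" \
    --password-reset-required
}

# Create a group and attach one policy to it; members inherit the permissions.
create_group_with_policy() {
  "$AWS_CLI" iam create-group --group-name "$1"
  "$AWS_CLI" iam attach-group-policy --group-name "$1" --policy-arn "$2"
}

# Customer managed policy: list and read S3 only, on all buckets.
# s3:Get*/s3:List* approximate the editor's List + Read access levels.
# In production, narrow Resource to the bucket ARNs the role really needs.
s3_read_policy_document() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "S3ListAndRead",
      "Effect": "Allow",
      "Action": ["s3:Get*", "s3:List*"],
      "Resource": "*"
    }
  ]
}
EOF
}

# ARN the customer managed policy gets once created (needs the account id).
s3_read_policy_arn() {
  printf 'arn:aws:iam::%s:policy/S3-ReadAccess\n' \
    "${ACCOUNT_ID:?set ACCOUNT_ID to your 12-digit AWS account id}"
}

# The whole scenario from the tables above.
provision_team() {
  # Sam: project admin, managed policy attached directly to the user.
  create_console_user Sam 0001 "Project Admin" "Full Admin Access" 1234567890
  "$AWS_CLI" iam attach-user-policy --user-name Sam --policy-arn "$ADMIN_POLICY_ARN"
  # Programmatic access. The secret is returned only once, and this key carries
  # full admin rights, so create it only if Sam really needs CLI/API access.
  "$AWS_CLI" iam create-access-key --user-name Sam

  # Storage admins and accountants get their permissions through groups.
  create_group_with_policy StorageAdmin "$S3_FULL_POLICY_ARN"
  create_group_with_policy Accountant "$BILLING_POLICY_ARN"
  create_console_user Navin   0002 "Storage admin" "S3 bucket full access" 1234567890
  create_console_user Bhavesh 0003 "Storage admin" "S3 bucket full access" 1234567890
  create_console_user Kamal   0004 "Accountant"    "Billing Access"        1234567890
  create_console_user Roni    0005 "Accountant"    "Billing Access"        1234567890
  "$AWS_CLI" iam add-user-to-group --group-name StorageAdmin --user-name Navin
  "$AWS_CLI" iam add-user-to-group --group-name StorageAdmin --user-name Bhavesh
  "$AWS_CLI" iam add-user-to-group --group-name Accountant --user-name Kamal
  "$AWS_CLI" iam add-user-to-group --group-name Accountant --user-name Roni

  # Rohan: read-only S3 through the customer managed policy, attached directly.
  "$AWS_CLI" iam create-policy --policy-name S3-ReadAccess \
    --policy-document "$(s3_read_policy_document)"
  create_console_user Rohan 0006 "Storage Security" "Read Access for s3" 1234567890
  "$AWS_CLI" iam attach-user-policy --user-name Rohan --policy-arn "$(s3_read_policy_arn)"
}

# Usage: source this file, then run provision_team. Review the commands first:
#   AWS_CLI=echo ACCOUNT_ID=123456789012 INITIAL_PASSWORD='...' provision_team
```

Run it once with AWS_CLI=echo to read the exact commands before running them for real. Sam's secret access key appears only in the output of create-access-key, so capture that output when you run it.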


IAM user login alias

By default, the IAM sign-in URL contains your 12-digit AWS account ID, which is hard to remember. You can create an account alias and use it in the sign-in URL instead.

4.1 Go to the IAM dashboard.

      You will see the IAM users sign-in link there.

4.2 Next to it there is a Customize link. Click on it.

4.3 Type your alias in the box and click on Yes, Create.

      The alias must be unique across all AWS accounts (lowercase letters, digits and hyphens). It is not a secret: the alias plus a user name is all an attacker needs to start guessing passwords, which is why the MFA and password policy steps below matter.

4.4 The IAM dashboard now shows the new sign-in link, of the form https://<alias>.signin.aws.amazon.com/console. Copy it.

4.5 Open a new tab in Incognito mode (Chrome) or a private window (Firefox), so that the test session is separate from your root sign-in.

4.6 Paste the link into the URL bar.

4.7 Sign in with Navin's credentials.

4.8 Paste the autogenerated password and set a new one. Choose a strong password; a trivial value such as "Password" would satisfy the lab's minimal policy but is easy to guess.

4.9 Click on Services, search for S3 and open the S3 service.

5.0 As Navin, you can manage S3: the AmazonS3FullAccess policy attached to the StorageAdmin group allows every s3:* action.

5.1 Go to the IAM service.

       As Navin, you cannot manage IAM: every page shows access denied, because IAM denies by default and no policy attached to Navin or to his group allows any iam:* action.

Your policies are working. Check the other IAM users the same way.

5.2 Close the Incognito/private window and return to the browser where the root user is signed in.

Activate MFA for the root account.

Come to the IAM dashboard. Under Security status there is a warning sign next to Activate MFA on your root account.

Click on Activate MFA on your root account, then click on the Manage MFA button.

Expand Multi-factor authentication (MFA) and click on Activate MFA.

Select Virtual MFA device and click on Continue.

Click on Show QR code.

Install an authenticator app such as Google Authenticator on your phone and scan the QR code.

Enter two consecutive MFA codes generated by the app. AWS needs the pair to confirm that the app holds the right seed and that its clock is in step.

The QR code encodes the secret seed of the device: anyone who has it can generate valid codes. If you keep a copy for recovery in case the phone is lost, store it encrypted and access-controlled, not as a plain screenshot in a photo library. The root user also has a documented recovery path through email and phone verification if the device is lost.

Click on Assign MFA.

Create a strong password policy.

6.1 Click on Dashboard again.

6.2 Under Security status the last item is Apply an IAM password policy. Click on it, then click on Manage password policy and on Set password policy.

Create a password policy with the following rules:

  1. Minimum password length: 8 characters
  2. Require at least one uppercase letter from the Latin alphabet (A-Z)
  3. Allow users to change their own password

These are the lab's minimum settings. For a real account, set the minimum length to 14 or more, require lowercase letters, numbers and symbols as well, and enable password expiration and reuse prevention; an 8-character password from one character class falls quickly to guessing.

Click on Save changes and return to the IAM dashboard.

Your security status now shows 5 out of 5 complete.
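The alias, password policy and MFA steps have CLI equivalents too, with one exception: MFA for the root user must be set up in the console as described above, because the IAM API only enrols devices for IAM users. The script below is an added example written for this page, not part of the original lab or of AWS's documentation. It assumes the AWS CLI v2 configured with IAM permissions, ACCOUNT_ID set to your account id, and AWS_CLI=echo for a dry run; the alias my-company-lab and the MFA codes in the usage comment are placeholders. It shows the lab's weak password policy beside a hardened one.

```sh
#!/bin/sh
# Added example (not from the original page): the account-level hardening steps
# (sign-in alias, password policy, virtual MFA) done with the AWS CLI v2.
# Assumptions: aws CLI configured with IAM rights; ACCOUNT_ID = your 12-digit
# account id; AWS_CLI=echo prints the commands instead of running them.
# Root-user MFA cannot be enrolled with these commands: do that in the console.
set -eu

AWS_CLI="${AWS_CLI:-aws}"

# Account alias: lowercase letters, digits and hyphens, unique across all of AWS.
# Afterwards the sign-in URL is https://<alias>.signin.aws.amazon.com/console
set_account_alias() {
  "$AWS_CLI" iam create-account-alias --account-alias "$1"
}

# The lab's minimal policy: 8 characters, one uppercase letter, users may change
# their own password. Weak: short, single-class passwords fall to guessing.
set_password_policy_as_in_lab() {
  "$AWS_CLI" iam update-account-password-policy \
    --minimum-password-length 8 \
    --require-uppercase-characters \
    --allow-users-to-change-password
}

# A hardened policy for a real account: longer, every character class,
# 90-day rotation and no reuse of the last 24 passwords.
set_password_policy_hardened() {
  "$AWS_CLI" iam update-account-password-policy \
    --minimum-password-length 14 \
    --require-uppercase-characters --require-lowercase-characters \
    --require-numbers --require-symbols \
    --allow-users-to-change-password \
    --max-password-age 90 --password-reuse-prevention 24
}

# MFA step 1: create the virtual device and save its QR code as a PNG.
# The PNG encodes the TOTP seed, i.e. a credential: scan it, then delete it
# (or store it encrypted) rather than leaving it lying around as a screenshot.
create_virtual_mfa_device() {
  "$AWS_CLI" iam create-virtual-mfa-device --virtual-mfa-device-name "$1" \
    --outfile "$1-mfa-qr.png" --bootstrap-method QRCodePNG
}

# MFA step 2: bind the device to the user with two consecutive codes from the
# authenticator app; AWS uses the pair to confirm the seed and the clock.
enable_mfa_device() {
  "$AWS_CLI" iam enable-mfa-device --user-name "$1" \
    --serial-number "arn:aws:iam::${ACCOUNT_ID:?set ACCOUNT_ID}:mfa/$1" \
    --authentication-code1 "$2" --authentication-code2 "$3"
}

# Example sequence for the IAM user Sam (alias and codes are placeholders):
#   set_account_alias my-company-lab
#   set_password_policy_hardened
#   create_virtual_mfa_device Sam      # scan Sam-mfa-qr.png, wait for two codes
#   enable_mfa_device Sam 123456 654321
```

The two MFA functions are deliberately separate: the codes only exist after the QR code has been scanned, so there is a human step between them. Delete the PNG once the device is enabled.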


In this lab you learned how to:

  1. Create an IAM user
  2. Create an IAM group
  3. Add users to a group
  4. Create and attach a policy
  5. Activate MFA
  6. Create a password policy