Blog

create an iam user in aws
15 Jan 2020

How to Create an IAM User in AWS?

Identity and Access Management (IAM)

Create an IAM User in AWS: If you log in with your email id and password then it is your root account. And it is not recommended to use the root account for performing daily tasks. There are your team members who are going to work on AWS along with you. And they need access to particular services on the AWS platform.

Here we are going to create some IAM Users as given below:

Emp. No.NameRoleAuthoritiesEmergency Contact no
0001SamProject AdminFull Admin Access1234567890
0002NavinStorage adminS3 bucket full access1234567890
0003BhaveshStorage adminS3 bucket full access1234567890
0004KamalAccountantBilling Access1234567890
0005RoniAccountantBilling Access1234567890
0006RohanStorage SecurityRead Access for s31234567890

Tasks:

  • Assign proper tags for the Identification of users.
  • Activate MFA for the Root account.
  • Create a strong password policy.
  • Create an alias for IAM login URL.

Create an IAM user in AWS

1.1 Login with root account i.e. your email id and password on AWS console.

      You will see a window like this.

1.1 You will see a window like this.-min

 

1.2 Click on services and select IAM under Security, Identity, & Compliance.  

      Or search IAM in the search box.

 

1.3 After clicking on IAM you will be in the IAM console.

Your security status will be the same.

How to Create an IAM User in AWS? 1

1.4 Click on Users to add new IAM user.

1.5 Click on add user  button

1.6 Username Sam 

1.7 Select Programmatic access

1.8 Select AWS Management Console access

1.9 password auto-generated

1.10 Leave other info as default.

How to Create an IAM User in AWS? 2

1.11Click on Next: Permissions

1.12 Click on Attach Existing Policies Directly

1.13  Select administration access

How to Create an IAM User in AWS? 3

1.14 Click on Next: Tags

1.15 Add tags like follow               

EmpNo.RoleAuthoritiesemergency contact
0001Project AdminFull Admin Access1234567890

How to Create an IAM User in AWS? 4   

1.16 Click on Next: Review

1.17 take a review and click on Create User

1.18 Click on the show button under Secret access key and secret access key.

Copy it to notepad or download the CSV file.

As per the scenario, there are two storage admin and two accountants. So instead of adding users and providing privileges to each user you can add a group, attach a policy to a group and add a user in that group.

Create IAM Group

Create two groups

  • StorageAdmin
  • Accountant

1.1 Go to IAM dashboard and click on a group

1.2 Click on Create a New Group

1.4 Group name:   StorageAdmin

1.5 Click on Next

1.6 Search policy for S3 in the search box.

1.7 Select AmazonS3FullAccess

How to Create an IAM User in AWS? 5

1.8 Next step

1.9 Create Group

2.0 Same create a group name account  attach policy Billing

         

Add new  users into the group

2.1 On IAM dashboard click on users.

2.2 click on Add User

2.3 User name Navin

2.4 Click on add another user.

2.5 User name Bhavesh

2.6 Access type  AWS Management Console access

2.7 Leave else as default

2.8 click on Next: permission

2.9 Select StorageAdmin group

3.0 click  next:tags

And give the following tags

EmpNo.RoleAuthoritiesemergency contact
0002Storage adminS3 bucket full access1234567890
0003Storage adminS3 bucket full access1234567890

           

3.1 Same as create two users Kamal and Roni in account group. Give console access only.

            And provide the following tags.

Kamal0004AccountantBilling Access1234567890
Roni0005AccountantBilling Access1234567890

 

After doing all this your user dashboard will look like

How to Create an IAM User in AWS? 6

 

Create an IAM Policy

Add user name Rohan and attach policy for s3 read-only access.

By default, there is no policy for s3 read. So your next task is to create a policy and attach a policy to the user.

3.1 Click on policies under IAM dashboard

3.2 Click on

3.4  Click on choose a service next to service.

3.5 Type s3 in the search box.

       And select s3 from search.

3.6 In Actions section select list and read under the access level. 

How to Create an IAM User in AWS? 7

3.7 Under resources click on all resources.    

How to Create an IAM User in AWS? 8       

3.8 Click on Review Policy

3.9 Give name S3-ReadAccess and click on Create policy.

4.0 Create user Rohan with this policy. And give proper tags.

Emp. No.NameRoleAuthoritiesEmergency Contact no
0006RohanStorage SecurityRead Access for s31234567890

 

IAM user login alias

By default, login alias contains your AWS account id. It is not easy to remember every time. So you can add a new alias for your IAM user login.

4.1 Go to the IAM dashboard.

      You will get to see there is an IAM user login link.

How to Create an IAM User in AWS? 9

4.2 In Front of that there is a customize button. Click on that.

4.3 Type your alias inbox. And click on Yes: Create

      An alias must be unique on the internet.

How to Create an IAM User in AWS? 10

 

4.4 On the IAM dashboard you will get a new IAM user login link.  Copy that into your notepad.

4.5 Open new tab in Incognito mode (for Chrome) / private mode (firefox).

4.6 Pest link in URL.

4.7 Login with navin user’s credentials.

How to Create an IAM User in AWS? 11

4.8 Pest old password and give new password “Password”

4.9 Click on services and search for s3. And click on s3 service.       

How to Create an IAM User in AWS? 12  

5.0 Navin you can manage s3.

5.1 Go to the IAM service.

       Navin, you can’t manage IAM.

How to Create an IAM User in AWS? 13

Your policies are working. Same you can try for all other IAM users.

5.2 Close Incognito / private mode and come to the browser where your root user is logged in.

Activate MFA for the root account.

Come to the IAM dashboard. Under security status, you have a warning sign in front of Activate MFA.

How to Create an IAM User in AWS? 14

Click on

Activate MFA on your root account

Click on the Manage MFA  button.

How to Create an IAM User in AWS? 15

Again click on  Multi-factor authentication (MFA)

And then Activate MFA.

How to Create an IAM User in AWS? 16

Select a Virtual MFA device and Click on the Continue button.

Click on Show MFA

Install Google Authenticator on your mobile device and scan QR code on mobile phones.

Add two Sequential MFA codes to the dashboard which is generated on Google authenticator on a mobile device.

Take a screenshot of QR code which may be useful for the future if you have lost your mobile phone.

And Click on Assign MFA

Create a strong password policy.

6.1 Click on Dashboard again.

6.2 Under security status the last status is for  Apply an IAM password policy

      Click on that.            

How to Create an IAM User in AWS? 17

      Click on Manage password policy.

      Set password policy

How to Create an IAM User in AWS? 18

Create a password policy with the following rules.

  1. Minimum password length 8 character
  2. Require at least one uppercase letter from the Latin alphabet (A-Z)
  3. Allow users to change their own password

The final policy will look like this

How to Create an IAM User in AWS? 19

Click on save changes. And then Come on IAM Dashboard again.

You completed your security status 5 out of 5.

How to Create an IAM User in AWS? 20

 

In this Lab, you got to know,

 how to

  1. Create an IAM user
  2. Create IAM group
  3. Adding users into a group
  4. Create and attach a policy
  5. Activate MFA
  6. Create a password policy