Welcome to CloudAffaire and this is Debjeet.
In the last blog post, we discussed IAM or Identity and Access Management.
In this blog post, we are going to discuss IAM users. We will also create our first IAM user.
An IAM user is an entity that you create in AWS. The IAM user represents the person or service who uses the IAM user to interact with AWS. The primary use for IAM users is to give people the ability to sign in to the AWS Management Console for interactive tasks and to make programmatic requests to AWS services using the API or CLI. A user in AWS consists of a name, a password to sign in to the AWS Management Console, and up to two access keys that can be used with the API or CLI.
When you first create an AWS account, you begin with a single sign-in user that has complete access to all AWS services and resources in the account. This identity is called the AWS account root user and is accessed by signing in with the email address and password that you used to create the account. Using the root user, you can create additional IAM users or roles and control their level of access to resources through policies.
When you create a user, IAM creates these ways to identify that user:
- A “friendly name” for the user, which is the name that you specified when you created the user, such as Debjeet or Bob. These are the names you see in the AWS Management Console.
- An Amazon Resource Name (ARN) for the user. You use the ARN when you need to uniquely identify the user across all of AWS. For example, you could use an ARN to specify the user as a Principal in an IAM policy for an Amazon S3 bucket. An ARN for an IAM user might look like the following: arn:aws:iam::<account_id>:user/Debjeet
- A unique identifier for the user. This ID is returned only when you use the API, Tools for Windows PowerShell, or AWS CLI to create the user; you do not see this ID in the console.
You can access AWS in different ways depending on the user credentials:
- Console password: A password that the user can type to sign in to interactive sessions such as the AWS Management Console.
- Access keys: A combination of an access key ID and a secret access key. You can assign two to a user at a time. These can be used to make programmatic calls to AWS. For example, you might use access keys when using the API for code or at a command prompt when using the AWS CLI or the AWS PowerShell tools.
- SSH keys for use with AWS CodeCommit: An SSH public key in the OpenSSH format that can be used to authenticate with AWS CodeCommit.
- Server certificates: SSL/TLS certificates that you can use to authenticate with some AWS services.
Note: By default, a brand new IAM user has no permissions to do anything. The user is not authorized to perform any AWS operations or to access any AWS resources.
Next, we are going to create an IAM user.
Create an IAM user:
Step 1: Log in to the AWS console and navigate to ‘IAM’.
Step 2: Navigate to ‘Users’ and click ‘Add user’.
Step 3: Provide a user name, select the type of access and click ‘Next: Permissions’.
Note: If you select ‘Programmatic access’, you will get an access key (access key ID and secret access key). If you choose ‘AWS Management Console access’, you need to define a password for the user. In this demo, we are providing both types of access to the user debjeet.
Step 4: The user permissions page will load; click ‘Next: Tags’.
Note: You can assign permissions to an IAM user by adding the user to a group (the user will inherit the permissions assigned to that group), by copying permissions from another IAM user (the user will inherit the permissions of that user) or by attaching a policy directly to the user (not recommended for user manageability). You can also define the maximum permissions that the user can have by setting a permission boundary. In this demo, we will create the user without any permissions or permission boundary.
Step 5: Provide a tag (optional) and click ‘Next: Review’.
Step 6: Review your IAM user configuration details and click ‘Create user’.
Step 7: IAM user successfully created.
Note: You can download your access key (access key ID and secret access key) by clicking the ‘Download .csv’ button. Once you close this page, you cannot retrieve this secret key again. Of course, you can create a new one.
Access Key for IAM user:
Secret Key for IAM user:
Console Login for IAM user:
ARN for IAM user:
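The same steps can be done from the AWS CLI, which also returns the unique user ID that the console does not show. This is an added example, not part of the original post; the function name create_iam_user and the key file path are illustrative, and it assumes an installed AWS CLI configured with credentials that are allowed to manage IAM.

```shell
#!/bin/sh
# Added example (not from the original post): CLI equivalent of Steps 1-7.
# create_iam_user is a hypothetical helper name; only the `aws iam` calls are real.
#
# usage: create_iam_user USER KEYFILE   (temporary console password read from stdin)
# Prints "UserId ARN" on stdout and writes the access key pair to KEYFILE.
create_iam_user() (
    user="$1"
    keyfile="$2"
    [ -n "$user" ] && [ -n "$keyfile" ] || {
        echo "usage: create_iam_user USER KEYFILE < password" >&2
        exit 2
    }

    # Read the temporary password from stdin so it never lands in shell history.
    IFS= read -r password || exit 2

    # Files created by this subshell are readable by the owner only.
    umask 077

    # Step 3-6: create the user. It starts with no permissions at all.
    # UserId is the unique identifier that only the API/CLI returns.
    ids=$(aws iam create-user --user-name "$user" \
        --query 'User.[UserId,Arn]' --output text) || exit 1

    # Console access: the user must change this password at first sign-in.
    # Caveat: --password is visible in the local process list while aws runs.
    aws iam create-login-profile --user-name "$user" \
        --password "$password" --password-reset-required >/dev/null || exit 1

    # Programmatic access: the secret access key is returned only once,
    # so it goes straight into KEYFILE (mode 600) instead of the terminal.
    aws iam create-access-key --user-name "$user" \
        --query 'AccessKey.[AccessKeyId,SecretAccessKey]' \
        --output text > "$keyfile" || exit 1

    printf '%s\n' "$ids"
)
```

Call it as `create_iam_user debjeet ./debjeet-key.txt` and type the temporary password when prompted by the blocked read; a user can hold at most two access keys, so a third `create-access-key` call for the same user fails.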
Hope you have enjoyed this article. In the next blog post, we will provide access to this IAM user using Policy.
To get more details on IAM, please refer to the AWS documentation below