Wednesday, November 22, 2023

AWS Tips - Create an IAM User


Scenario

After you open an AWS account, you can sign in with your email address as the root user, which has complete access to all the services and resources in the account. From a security perspective, AWS recommends granting the least privilege needed for each operation. Hence, the best practice is to enable MFA for the root user, delete its associated access key, and create an IAM user for signing in to the Management Console. At the same time, you attach only the necessary permissions to the IAM user and assign it temporary credentials.

You then sign in as the root user only for the tasks that only the root user can do.
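One way to check the root-user practices described above is to audit the account's IAM credential report. The following is an added example, not part of the original post; the sample report, account ID and user names are constructed, and only a subset of the report's columns is shown.

```python
import csv
import io

# Constructed sample in the IAM credential report layout (subset of columns).
# The account ID and user names are made up for this example.
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,false,true,false
admin-user,arn:aws:iam::111122223333:user/admin-user,true,false,false,false
ci-bot,arn:aws:iam::111122223333:user/ci-bot,false,false,true,false
"""

ROOT_NAME = "<root_account>"  # label the credential report uses for the root user


def is_true(value):
    """The report stores booleans as the strings 'true' / 'false'."""
    return value.strip().lower() == "true"


def audit_report(report_csv):
    """Return findings for the root-user practices named in the Scenario."""
    rows = list(csv.DictReader(io.StringIO(report_csv)))
    root = next((r for r in rows if r["user"] == ROOT_NAME), None)
    if root is None:
        return ["root row missing: report is incomplete"]

    findings = []
    # Practice 1: MFA enabled for the root user.
    if not is_true(root["mfa_active"]):
        findings.append("root: MFA is not enabled")
    # Practice 2: no access key left on the root user.
    for n in ("1", "2"):
        if is_true(root.get(f"access_key_{n}_active", "false")):
            findings.append(f"root: access key {n} is still active")
    # Practice 3: an IAM user exists for console sign-in instead of root.
    console_users = [r["user"] for r in rows
                     if r["user"] != ROOT_NAME and is_true(r["password_enabled"])]
    if not console_users:
        findings.append("no IAM user has console access; root is the only console login")
    return findings


if __name__ == "__main__":
    for finding in audit_report(SAMPLE_REPORT):
        print(finding)
```

A real report can be downloaded from the Credential report page of the IAM console or with `aws iam get-credential-report`, and its CSV text passed to `audit_report`.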



Examples

Select the IAM service from the Management Console. Select Users in the navigation pane.

Click the Create user button.



Enter a username of your choice in the User name box.

Click the checkbox next to Provide user access to the AWS Management Console – optional, and select I want to create an IAM user.



For Console password, you can choose either Autogenerated password or Custom password. Here we proceed with specifying a custom password.

The Users must create a new password at next sign-in - Recommended option is checked by default. We keep the default setting.

Click Next.



Under Permissions options, we choose Add user to group.

From User groups, select GroupAdmin, which has the AdministratorAccess permission attached.

Click Next.



The review page appears. Click the Create user button at the bottom.



A message reading “User created successfully” appears at the top.

You can find the Console sign-in details of the IAM user in the center of the page.



Click the Download .csv file button to save the sign-in details to a CSV file.



We can now use the provided link to sign in to AWS.

Enter the Account ID, the IAM user name, and the custom password.

Click Sign in.


Enter a new password, because we chose Users must create a new password at next sign-in - Recommended on the earlier page.

Click Confirm password change.



Here you are. You are at Console Home now.


