→ Go to the IAM service (AWS Console > Services > Security, Identity, & Compliance > IAM)
→ Click on the Access Management section and select Users
→ Click on Add users; you will then see a 5-step process to create an IAM user
1. | Add user | Add username, Access type (Password, Programmatic access) |
2. | Permissions | Add users to group, or Copy permissions from existing user, or Attach existing policies directly |
3. | Add Tags | Add tags for particulars |
4. | Review | Review the given details; modify them if there are any mistakes |
5. | Create User | Click to create users |
Step 1 : Add User
Add the user name (must be unique within the AWS account)
You can add multiple users by clicking Add another user
Then select the AWS access type :
- Select AWS credential type :
Access key – Programmatic access : For command-line access
Password – AWS Management Console access : For GUI access (AWS website login)
- Console password : Include a minimum of three of the following mix of character types: uppercase, lowercase, numbers, and ! @ # $ % ^ & * ( ) _ + - = [ ] { } | '
- Require password reset : If this is ticked, AWS asks the IAM user to change the password when logging in for the first time, and the user can then set a new password
Step-2 : Add Permissions :
(i) Set Permissions :
Add users to group : If you have a group that already contains a policy, you can simply select that group and go to the next step.
Example : here we already have a group AwsUserIndia-Administrators; if we select it, the AdministratorAccess permissions (policy) will be added to your new account.
Copy permissions from existing user : This copies the permissions (policies) from an existing user.
Example : Here we have a user; if we select that user, your new account copies that user's permissions (policies).
Here awsuserindia is an IAM Administrator user, so the new user will also be an IAM Administrator.
Attach existing policies directly : Here you can see the list of policies; you can select any policy (permission) for your new IAM account.
Example : here I am adding only AmazonEC2FullAccess for the new IAM users.
(ii) Permission Boundary : This is an advanced feature used to delegate permission management to others.
Step-3 : Add Tags
Tags matter most in real-world work: they are used to identify and search for users, and to associate particular service functions with them
Step-4 : Review
Review the details you gave for the IAM user account creation and check them once. If you need any modification, you can go back and change it by clicking the step numbers.
If everything is good, go to the final step.
If you click Create users, it starts creating the users
Step 5 : Create Users:
Here you can see the list of created IAM users
→ Logging in as the IAM user & exploring :
+ To log in, click the URL : https://console.aws.amazon.com/console/home?nc2=h_ct&src=header-signin
+ Select IAM user. It asks for the Account ID; to get it, click the user name in the AWS root user account and copy it.
Enter the Account ID and click on Next
+ Enter the user name and password, then click on Sign in
+ Here you can see a new window to reset the password; enter the old and new passwords to change the password
You don't see this window if you did not tick Require password reset
+ AWS Console and account details after successful login
Account ID for IAM user : <IAM user name> @ <Root User Account ID>
+ Trying services outside the IAM user's permissions :
Example : I opened Amazon RDS (Database Service) and tried to create a database; here you can see the response, iam-user-1 is not authorized to perform
+ Checking a service the IAM user has permission for :
Here you can see that it opens
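
The RDS denial and the permission boundary from Step 2 both follow from how IAM evaluates policies: an explicit Deny wins, and anything not explicitly allowed is implicitly denied. The sketch below is an added example, not part of the original tutorial or AWS code. It is a simplified evaluator that ignores Condition, NotAction and resource-based policies, and all three policy documents are constructed stand-ins (EC2_ONLY is not the full AmazonEC2FullAccess policy).

```python
import re

# Constructed stand-in for the AmazonEC2FullAccess policy attached in Step 2
# (the real managed policy contains more statements than this).
EC2_ONLY = {"Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]}
# Constructed explicit-deny policy and permissions boundary (assumptions).
DENY_TERMINATE = {"Statement": [
    {"Effect": "Deny", "Action": ["ec2:TerminateInstances"], "Resource": "*"}]}
READ_ONLY_BOUNDARY = {"Statement": [
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _wild(pattern, value, ignore_case=False):
    # IAM wildcards: * matches any run of characters, ? matches one character.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None


def _decide(policies, action, resource):
    """Evaluate one set of policies: ExplicitDeny, Allow or ImplicitDeny."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            # Action names are case-insensitive; resource ARNs are not.
            if not any(_wild(a, action, True) for a in _as_list(stmt["Action"])):
                continue
            if not any(_wild(r, resource) for r in _as_list(stmt["Resource"])):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"  # a matching Deny always wins
            allowed = True
    return "Allow" if allowed else "ImplicitDeny"


def evaluate(identity_policies, action, resource="*", boundary=None):
    """Identity policies, optionally capped by a permissions boundary."""
    results = [_decide(identity_policies, action, resource)]
    if boundary is not None:
        results.append(_decide([boundary], action, resource))
    if "ExplicitDeny" in results:
        return "ExplicitDeny"
    return "Allow" if all(r == "Allow" for r in results) else "ImplicitDeny"


if __name__ == "__main__":
    for act in ("ec2:RunInstances", "rds:CreateDBInstance"):
        print(act, "->", evaluate([EC2_ONLY], act))
```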