AWS (an acronym for Amazon Web Services) is a subsidiary of Amazon Inc. that provides on-demand, reliable, scalable, and inexpensive cloud services to individuals, corporate organisations and governments.
IAM (Identity and Access Management) is where the security of an AWS account is managed, including Users, Groups and Roles. IAM is very important because using or sharing the root account is discouraged. Root users are supposed to create a group and roles with appropriate access and grant the roles to their users. Root users have access to all the AWS infrastructure.
Here are the steps involved in creating Administrator Access permission for an AWS IAM user:
1. Account Creation
The first step in using any service on AWS is creating an account. To do this, go to https://aws.amazon.com and create the account by specifying your email address, password and the account name.
Note: You will be asked for your credit/debit card information during registration, and a temporary authorisation charge of $1 will be debited from your card. This is to confirm that your card is valid and that it has not been reported lost or stolen. The charge disappears within 3 to 5 business days, as AWS does not proceed with it.
2. Sign in to your account
After successful account creation, the next line of action is to log in to your account with the username (email) you just created, click on ‘Next’ and specify your password.
You can also enable Multi-Factor Authentication for more security on your AWS account.
3. Create IAM administrative access
Search for IAM on the services menu. This is so that you do not use your root account to create AWS resources. Your IAM users sign-in link is displayed at the top left corner, usually in the form https://<username>.signin.aws.amazon.com/console, where <username> is the username you specified during registration.
First, create a group by selecting ‘Group’ at the top left corner of the IAM page, then select ‘New Group’ at the top left corner of the following page.
Next, provide your desired name for the group you want to create and click on the ‘Next Step’ button at the bottom right corner of the page.
If you know the name of the policy you want to assign to the group, type it in the ‘Policy Type’ search box at the top of the table. When the policy appears, select it by clicking the checkbox next to it, in this case ‘AdministratorAccess’. Then click on the ‘Next Step’ button.
Review all the information you have provided and verify that you are OK to create the new group, then click on the ‘Create Group’ button to finally create your group.
After the successful creation of the group, the next line of action is the creation of the user to whom the group will be assigned. Click on ‘Users’ at the top left corner and click on ‘New User’.
There are two possible access types for users:
- Programmatic Access: This enables an Access key ID and secret access key for the AWS API, SDK, CLI and other development tools
- AWS Management Console Access: Allows the user being created to sign in through the AWS Management Console
In this case, we can enable both, since we want to be able to access the services on AWS programmatically and at the same time create a user that can log in to the AWS Management Console.
The next step is to add the user to the group we just created, called ‘new-admin’. If you can see the group name in the table, click on the checkbox next to it; otherwise, use the search box above the table to search for the group name and select it. Next, click on the ‘Next: Tags’ button.
Tags are key-value pairs that help identify resources in AWS. In this case, tags on users can help us identify their job titles, email addresses or phone numbers if necessary. Tags are optional, so we do not have to add them if we have no reason to. Next, click on the ‘Next: Review’ button to review all the information specified for the user.
The last step is the review. Check that all the information you have provided is what you want; if not, click on the ‘Previous’ button to change whatever needs to be changed. Finally, click on the ‘Create User’ button.
After you click on the ‘Create User’ button, a page is shown that allows you to download your Access Key ID and Secret Access Key as a .CSV file. You can also send the login details as an email to your provided email address. Please keep the credentials safe, as you will need them later and this is the only time they will be generated for you. If you lose them, you might have to generate new ones later.
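A check to run once the admin user exists, given here as an added example that is not part of the original tutorial: it reads the IAM credential report CSV (available from the IAM console or `aws iam get-credential-report`) and flags root access keys, root without MFA, root console use, and console users without MFA. The sample rows, the account ID and the user names (`admin-user`, `ci-deploy`, `alice`) are constructed for illustration.

```python
import csv
import io

# Constructed sample in the layout of the IAM credential report
# (only the columns this check reads; the real report has more).
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,2024-05-01T09:12:44+00:00,false,true,false
admin-user,arn:aws:iam::111122223333:user/admin-user,true,2024-05-02T08:00:00+00:00,false,true,false
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,N/A,false,true,false
alice,arn:aws:iam::111122223333:user/alice,true,no_information,true,false,false
"""

ROOT = "<root_account>"  # name of the root row in the credential report


def _is_true(row, column):
    """Report booleans are the strings 'true'/'false' (or 'N/A')."""
    return row.get(column, "").strip().lower() == "true"


def audit_credential_report(report_csv):
    """Return a list of (user, finding) tuples for the report text."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        has_key = (_is_true(row, "access_key_1_active")
                   or _is_true(row, "access_key_2_active"))
        mfa = _is_true(row, "mfa_active")
        if user == ROOT:
            # Root should hold no access keys and should rarely sign in.
            if has_key:
                findings.append((user, "root has an active access key"))
            if not mfa:
                findings.append((user, "root has no MFA"))
            last_used = row.get("password_last_used", "")
            if last_used not in ("", "N/A", "no_information"):
                findings.append((user, "root console sign-in on " + last_used))
        elif _is_true(row, "password_enabled") and not mfa:
            # Console-enabled IAM user (e.g. the new admin) without MFA.
            findings.append((user, "console password without MFA"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_credential_report(SAMPLE_REPORT):
        print(f"{user}: {finding}")
```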