
Sathish P

Users, Groups & Roles

A demonstration of how to set up and configure users, groups and roles, and the differences between them.

In AWS IAM, all three elements are considered objects.

Users

A User object can represent a real person who requires access to operate and maintain the AWS environment or access the AWS resources or services programmatically.

A user represents an identity that is used in the authentication process to the AWS account.

Creating a User

Users can be created using the AWS Management Console, or programmatically via the AWS CLI, the IAM HTTP API, or the Tools for Windows PowerShell.

  • Creating a user name, which can be up to 64 characters in length.

Creation Page

  • Selecting AWS access type:

User access type

Programmatic: enables an access key ID and secret access key for the AWS CLI, API and SDK.

AWS Management Console: enables a password that allows users to sign in to the AWS Management Console.

  • Set permissions for the user:

AWS has 3 ways to give access to the user.

  • From user groups

Add the user to a particular user group; the permissions assigned to the group automatically apply to that user.

User permissions

  • Add policies directly

The admin can directly attach existing policies or create new policies.

Attach policies to a User

  • Adding tags is optional

  • Reviewing the user

Review

  • After the successful user creation

Download the .csv file for the access keys and password for the created user.

Created User

The admin can send an e-mail to the user using the send-email link.

Groups

Groups can contain only users, not other groups.

Creating a group for one or more users:


We have to provide the group name, and if users already exist we can add them to the group on the same page.


If the user does not exist yet when the group is created, we can specify the group during user creation.

While creating the group, we can also attach policies at the group level.


The group has been created, and the list shows its number of users and creation time.


Roles

Roles can be assumed by entities to obtain credentials.


Most commonly we create roles for AWS services, and the common ones are for EC2 and Lambda.


We can create our own policy or select from existing policies. We have to provide a role name and description.


The JSON document for the role will be defined in the format below.

Tags are optional.


The role has been created.
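As an added example that is not part of the original post: assuming the JSON document mentioned above is the role's trust policy, this Python sketch builds that document for the two services named (EC2 and Lambda) and audits a trust policy for statements that let any principal assume the role. The function names and the sample policy are hypothetical and constructed for illustration.

```python
import json

# Service principals for the two services the post names (EC2 and Lambda).
SERVICE_PRINCIPALS = {"ec2": "ec2.amazonaws.com", "lambda": "lambda.amazonaws.com"}


def service_trust_policy(service):
    """Build the trust policy that lets one AWS service assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": SERVICE_PRINCIPALS[service]},
            "Action": "sts:AssumeRole",
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy):
    """Flag Allow statements with a wildcard principal and no Condition at all."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if principal == "*":
            values = ["*"]
        elif isinstance(principal, dict):
            values = [v for vals in principal.values() for v in _as_list(vals)]
        else:
            values = []
        if "*" in values and not stmt.get("Condition"):
            findings.append(f"Statement[{index}]: any principal may assume this role")
    return findings


# Constructed sample: a trust policy that is open to every principal.
OPEN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}],
}

if __name__ == "__main__":
    print(json.dumps(service_trust_policy("ec2"), indent=2))
    print(audit_trust_policy(OPEN_POLICY))
```

The audit only checks whether a Condition block is present; whether that condition actually narrows who can assume the role still needs a manual review.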
