AWS Identity and Access Management (IAM) is an AWS web service that helps you securely control access to resources in an AWS account.
When you first create an AWS account, you are by default the root user. The root user has a single sign-in identity and is accessed by signing in with the email address and password that you used to create the account.
It is best practice to create an IAM user account for your day-to-day operations and only use the root account privileges when needed.
https://docs.aws.amazon.com/general/latest/gr/root-vs-iam.html#aws_tasks-that-require-root
There are a number of features and benefits that come with setting up an IAM user.
https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users
This article focuses on how to create your first IAM user via the AWS console.
Create an Administrative Account from the root user account
Sign in to your root account. After logging in, navigate to the search bar and search for IAM.
- **AWS Identity and Access Management**
This opens a new page that provides the settings to create your user.
In this case, since the account is new, the user will have administrative privileges.
"It is best practice to make an administrative user account to run your operational tasks rather than using the root account, due to security issues."
There are a number of settings to configure.
Access type determines how the user will access the AWS account.
In this case, allow both programmatic access and AWS Management Console access.
There is also the option to auto-generate a password, or you can provide a password yourself.
3. Set permissions
Permissions are a set of rules that restrict a user to a set of tasks and roles.
There are three options to choose from:
1. Add user to a group
This is where a set of users are placed together under uniform permissions.
2. Copying rules from an existing user
In this case, permissions are borrowed from an existing user.
3. Attaching existing policies
These are a set of predefined permissions provided by AWS to choose from.
It is best practice to use groups for consistency, as they are less prone to the mismatches that may occur when using policies.
In this case, create a group, name it "Admins", and grant it the administrator job-function permissions.
Click on Create group, and the group should be created successfully.
- Add tags
Tags are used to easily identify, track or control access to a user. They may include user information like an employee ID number or email address.
After you are done, click on Review at the bottom right and then proceed to the create page.
You are provided with the access key ID, secret access key, password and the email you registered with. A link to download a .csv file is also provided; the file should be stored in a safe and secure place as it has the login credentials.
Amazon provides a login link in the success pop-up message, which you use to log in to the new account.
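The same steps can be scripted instead of clicked through. The following is an added example, not part of the original article: it uses the boto3 IAM client to create the "Admins" group, attach the AWS managed AdministratorAccess policy to the group only, and create the user with both access types. The function names, the user name `example-admin`, the output file name and the `SYMBOLS` set are assumptions made for illustration.

```python
"""Added example: the console walkthrough above, scripted with boto3."""
import secrets
import string

ADMIN_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"  # AWS managed policy
SYMBOLS = "!@#$%^&*"  # assumption: symbols the account password policy accepts


def temp_password(length=20):
    """Random one-time password containing every character class."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]
    chars = [secrets.choice(c) for c in classes]
    chars += [secrets.choice("".join(classes)) for _ in range(length - len(classes))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def create_admin_user(iam, user_name, group_name="Admins", tags=None, programmatic=True):
    """Run the article's steps against `iam`, a boto3 IAM client.
    Permissions go on the group only; returns what the console's .csv would hold."""
    try:
        iam.create_group(GroupName=group_name)
    except iam.exceptions.EntityAlreadyExistsException:
        pass  # reuse the existing group
    iam.attach_group_policy(GroupName=group_name, PolicyArn=ADMIN_POLICY_ARN)
    user_args = {"UserName": user_name}
    if tags:  # e.g. {"email": "..."}; IAM expects a list of Key/Value pairs
        user_args["Tags"] = [{"Key": k, "Value": v} for k, v in tags.items()]
    iam.create_user(**user_args)
    iam.add_user_to_group(GroupName=group_name, UserName=user_name)
    creds = {"user": user_name, "password": temp_password()}
    # Console access: the temporary password must be replaced at first sign-in.
    iam.create_login_profile(UserName=user_name, Password=creds["password"],
                             PasswordResetRequired=True)
    if programmatic:  # access key ID + secret; the secret is returned only once
        key = iam.create_access_key(UserName=user_name)["AccessKey"]
        creds.update(access_key_id=key["AccessKeyId"],
                     secret_access_key=key["SecretAccessKey"])
    return creds


if __name__ == "__main__":
    import boto3, json, os  # needs credentials allowed to manage IAM
    creds = create_admin_user(boto3.client("iam"), "example-admin")
    # Owner-only file, refusing to overwrite an existing one (hypothetical name).
    fd = os.open("example-admin-credentials.json",
                 os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(creds, fh)
```

Pass `programmatic=False` when the user only needs the console, so that no long-lived access key is created.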
I hope this article is insightful as you begin your AWS journey.