AWS provides a variety of services, resulting in a variety of responsibilities and the necessity to keep the servers accessible only to those with authorisation.
In AWS, Identity Access Management (IAM) allows us to create a digital identity for an account, allowing the account holder (user) to execute certain tasks or utilise particular policies/resources while we, as the root user, can keep track of which services they used or accessed.
Your questions would be
- What is a root account, specifically?
- What is the purpose of creating a user?
- How do you make one?
The root account is the one you get when you set up your AWS account for the first time.
- Rather than utilising our root account to accomplish regular tasks, we as root users must create an user with 'Administrative access' and perform the regular tasks using that account.
- and the users we create using the root account are known as 'IAM Users'.
- You should only use the root account for the most vital operations.
To create a User Account search for 'IAM Dashboard' on your account and click the link.
You can see the options for Users, User Groups ...
- [ ] Click Users
Give yourself a username that you can use to log in later.
When creating a user, you must choose between the following access types:
i. Programmatic access : Provides an access key (for authorization) and secret key (for using API, SDK and different AWS tools) ****
ii. AWS Management Console access : Provides a password required to log into AWS Management Console
For now we go with the second option i.e., AWS Management Console access
- [ ] Setting Permissions:
Since we haven't created a group nor have an existing user click 'Attach Existing Policies' and check 'AdministratorAccess' and proceed to Next Page.
[ ] Adding tags:
Tags come in handy when we need to find a certain person in a huge group.
It **is optional, so let's just skip it for now and proceed to **Next Page.
[ ] Review:
We're sent to a page that lists all of the options we've selected so far.
- [ ] Success Page:
- You've arrived at a success page indicating that you've created a user account.
If you've previously checked Programmatic access, you may have received two keys labelled access key and secret key, which you must COPY to a safe location because it is only available once.
Keep an eye out for a link like (https://your_ID.signin.aws.amazon.com/console), and that's the site you'll need to use to log in as an IAM User.
Before you login as an User open the URL in incognito mode or you may need to Sign Out first in the current browser window.
Now Redirect to the above-mentioned site and log in using the username and password you gave.
You'll see that you've logged in as a 'IAM User' on your profile.
As this user, you can utilise services like EC2, S3, and others, since you've given 'Administrative Access'
Feel free to leave a comment if you enjoyed or disliked this post. I'd appreciate it if you could provide feedback.
Follow me on twitter