First we studied the basics of IAM; now we do some hands-on exercises. If you follow along, most of the things we do while learning AWS can be completed within the AWS free tier, so you don't need to worry. But remember to always follow the clean-up paragraph at the end of each hands-on article.
Let's first create an admin user so that we don't have to use our root user, which can lead to devastating consequences.
To create an admin user, follow the steps below. I've also provided images to follow along.
- Log in as your root user in your AWS account. On this window, select root user and log in using your root ID and password. If you somehow land on an IAM user window, select the option below.
Set user details as required.
- Username: This is a unique username all across AWS.
- Access type: Programmatic access. With this you get access using keys, which you use when connecting through the API, CLI, or SDK. It is used mostly by software developers. (We will learn about this later in more detail.)
- Console Access: This provides access to the AWS Management Console using a password, the same way we log in to it.
- Console Password: From there you can use an auto-generated AWS password or a custom password, based on your needs.
- Require password reset: Set this if you want your user to reset their password on first login. Click on Next after this.
- Now we set the permissions for this user. This has 3 options:
- Add user to group: Here we can add a user to a group. We have not learnt about groups yet, so don't worry about this.
- Copy permissions from existing user: We don't have any existing user, so we can't do anything here.
- Attach existing policies directly: AWS has a lot of existing policies from which we can select. Check these policies and use them according to your needs. For this exercise we are creating a shadow root user, as learnt in the previous article. You can use the filter to find the admin policy named AdministratorAccess. Select this and move on to the next step.
Now we set the tags. Imagine you are a big corporation and you want to manage your users. To do that, AWS provides us with tags, which we can attach to a user to identify it, like Job Position: Developer. Here you can add as many tags as you need to identify the user.
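The same steps can be done from the AWS CLI. The function below is an added example, not part of the original walkthrough; it assumes the AWS CLI is installed and configured with credentials allowed to manage IAM, and the function name, the `ADMIN_TEMP_PASSWORD` variable and the `JobPosition` tag key are choices made for this example.

```shell
#!/usr/bin/env bash
# Added example: CLI equivalent of the console steps above.
# Assumed usage (names are placeholders):
#   read -rs ADMIN_TEMP_PASSWORD && export ADMIN_TEMP_PASSWORD
#   create_admin_user my-admin Developer

# AWS managed policy selected in the "Attach existing policies directly" step.
ADMIN_POLICY_ARN="arn:aws:iam::aws:policy/AdministratorAccess"

create_admin_user() {
    local user="$1" job="$2"
    if [ -z "$user" ] || [ -z "$job" ]; then
        echo "usage: create_admin_user <user-name> <job-position>" >&2
        return 2
    fi
    # The temporary password is taken from the environment so it is not
    # written into a script or typed as a literal on the command line.
    if [ -z "${ADMIN_TEMP_PASSWORD:-}" ]; then
        echo "set ADMIN_TEMP_PASSWORD first" >&2
        return 2
    fi

    # User details, plus a tag to identify the user
    # (tag key written without a space for the CLI shorthand syntax).
    aws iam create-user --user-name "$user" \
        --tags "Key=JobPosition,Value=$job" || return 1

    # Console access with a password that must be changed at first login.
    aws iam create-login-profile --user-name "$user" \
        --password "$ADMIN_TEMP_PASSWORD" --password-reset-required || return 1

    # Attach the existing AdministratorAccess policy directly to the user.
    aws iam attach-user-policy --user-name "$user" \
        --policy-arn "$ADMIN_POLICY_ARN" || return 1

    # Check: list the attached policies so the grant can be reviewed.
    aws iam list-attached-user-policies --user-name "$user"
}
```

AdministratorAccess grants full access to the account, so review the output of the last command and confirm it was attached only to the user you intended.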
That's it for today. Next, we will create user groups.