Creating first IAM User
- To create IAM user, go to My Security Credentials–> Dashboard–> Create individual IAM Users. or Click on Users.
- Click on Add User
- Give the User Name whom access need to be given developer or production support individual.
- Each user account will have two types of access
- Programmatic access – To access the resources from AWS CLI
- AWS Management Console access – Able to sign-in AWS management console and manage the services or resources
- Give the Password (Auto-generated password is recommended) with an option to change the password in the next sign-in.
- We need to give the permissions to IAM user in three ways
- Based on the Group which is already created. – Mostly used approach to creating dev and testing etc.
- Copy from the existing user
- Add from the policy – Typically used for Ad-hoc users. E.g.: We assigned Amazon S3 read-only policy in the video.
- Now the user gets two policies – AmazonS3ReadOnly & IAMUserChangePassword, then Create User and send the information to the user through email.
- Logging in as IAM User and Validating the assigned policies
- Once the user receives the instructions on IAM user, he should be login into AWS Management console, reset the password on first sign-in and start using the account with the assigned permissions.
- Validating the policies through the management console
In the video, IAM user assigned with S3 read policy, when we tried to create a folder the S3 bucket, there is an error message.
- Validating the policy from AWS CLI
- First, configure CLI with the user credentials using ‘aws configure’
- You can run the command ‘aws s3 ls’ command to check the read access for the s3 account.
Create a group and add user
- In the video, we cleaned up AWS credentials and remove existing policies assigned to the user.
- It is recommended not to use the root account for administrative tasks also, instead, we can create one IAM administrative user.
- To create a new group
- Go to Groups –> Create a new group –> Give Group Name -> Attach Policy -> Click on create Group
- Add user to the Group
- Select the Created Group -> Click Group Actions -> Add Users to Group -> Select the users -> Add the user to that group.
- Now the user will have all the privileges assigned to that group.
- In the video, we have itversity admin group and added dgadiraju user to that group. So now the user has all the privileges as admin group has and able to do all administrative tasks.
- Now, in dashboard “user groups to assign permissions” security status will also be turned into green.
Validating the user permissions
- In the video, the permissions are validated by creating the S3 bucket.
Configure IAM password policy
- Click on Manage Password Policy
- Select the rules that need to apply
- Click on Apply Password Policy
- If we want to reset the password, make sure all the rules that are applied are followed.
- Now “Apply an IAM Password Policy” status also turned into the green on the dashboard.
Now that all the security status are turned into green, your account should be more secured. But whenever we are creating the users, groups or policies, we should take much take in order to avoid the unauthorized access to any other user.