IAM Hands On
IAM Users & Groups Hands On
Let’s practice on AWS using the IAM service to create users & groups.
- Go to the search bar of the AWS Console and type IAM.
You will now see some security recommendations, which are not important to consider for now.
- On the left-hand side, click Users (it is under the Dashboard).
- Notice that in the top right corner of the AWS Console the region is marked as Global. This is because IAM is a global service.
- So when you create a user in IAM, it is available everywhere.
Now that we are on the Users page, why do we create users?
- Right now (as mentioned in the theory lecture) we are using the root user, which is not a good practice. So you need to create a user for yourself that has administrative access.
How to know if the account is the root account?
- In the top right corner, next to the region selector, you will see your account name. Click on it and you will see only the Account ID number.
When you sign in as an IAM user, you will see both the IAM username and the Account ID. In the root account, you will see only the Account ID.
CAUTION: Do not lose the credentials for the root account, or else you will have to contact AWS Support. Throughout the course, it is recommended to use an IAM user account and not the root account.
—
- Now we will create admin users (which will allow us to use our accounts more safely). Click on Create Users.
- Provide a username, for example: Pratham. Then I will give myself access to the management console, so checkmark "Provide user access to the AWS Management Console". It will ask you to choose between 2 options; see the notes below from GPT:
- Password Configuration
Now we have to set the password. We have 2 options: a. Autogenerated password and b. Custom password. If you are creating a user for someone else, select the Autogenerated option with the checkbox ticked (as shown in the image below). Custom password is for when you are creating a user for yourself.
4. Set Permissions Page
1. Set Permissions
   a. Create a user group and set IAM policies (policies define the permissions, or access, to AWS services)
   b. Add the user to the user group
2. Review and Create
   a. Add tags (used to give metadata to many of your resources). Optional
      i. Metadata is in the form of key-value pairs. For example, the user is in a department, and that department belongs to the Engineering section. This metadata gives a clearer picture of the user.
   b. Review the user details and then click on Create User
3. Retrieve Password Step
   a. Now the user is created. You can email the instructions on how to log in to the AWS Console, along with the password details.
   b. Or you can (as the root account holder) download the user list as a CSV or JSON file, or view the users in the user list.
   c. You can also see the users by user group. Currently we have the Admin group with my account name in it. You can also look at the IAM permissions or policies set up for that user group.
   d. Things to Observe:
      i. The users you have created were added to a group, and their permissions come from that group. So Pratham, in the user group named Admin, has the permissions (IAM policies) of the Admin user group. This user group has the IAM policy Administrative Access.
      ii. You can create users without groups and set policies on them specifically, but it is not recommended. You should create groups, so it becomes easier to manage permissions by group.
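A check for the two observations above, as an added example that is not part of the original notes: it reads data in the shape returned by `aws iam get-account-authorization-details` and reports, per user, which policies arrive through groups and which are set directly on the user. The sample data and the user `example-user` are constructed, and only managed policies on groups are resolved.

```python
ADMIN_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"

# Constructed sample, trimmed to the fields used here, in the shape of
# `aws iam get-account-authorization-details` output.
SAMPLE = {
    "UserDetailList": [
        {"UserName": "Pratham", "GroupList": ["Admin"],
         "AttachedManagedPolicies": [], "UserPolicyList": []},
        {"UserName": "example-user", "GroupList": [], "UserPolicyList": [],
         "AttachedManagedPolicies": [{"PolicyArn": ADMIN_ARN}]},
    ],
    "GroupDetailList": [
        {"GroupName": "Admin", "GroupPolicyList": [],
         "AttachedManagedPolicies": [{"PolicyArn": ADMIN_ARN}]},
    ],
}

def audit_users(details):
    """Map each user to group-derived policies, direct policies and findings."""
    # Managed policies attached to each group (inline group policies are ignored).
    group_policies = {
        g["GroupName"]: [p["PolicyArn"] for p in g.get("AttachedManagedPolicies", [])]
        for g in details.get("GroupDetailList", [])
    }
    report = {}
    for u in details.get("UserDetailList", []):
        direct = [p["PolicyArn"] for p in u.get("AttachedManagedPolicies", [])]
        inline = [p["PolicyName"] for p in u.get("UserPolicyList", [])]
        via_groups = sorted({arn for g in u.get("GroupList", [])
                             for arn in group_policies.get(g, [])})
        findings = []
        if direct or inline:
            findings.append("policy set directly on user; move it to a group")
        if not u.get("GroupList"):
            findings.append("user is in no group")
        report[u["UserName"]] = {
            "via_groups": via_groups,
            "direct": direct + inline,
            # Admin here means the managed AdministratorAccess policy only.
            "admin": ADMIN_ARN in via_groups or ADMIN_ARN in direct,
            "findings": findings,
        }
    return report

if __name__ == "__main__":
    for name, row in audit_users(SAMPLE).items():
        print(name, "admin" if row["admin"] else "non-admin", row["findings"] or "ok")
```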
——
Note that:
For signing in as an IAM user, you can create an AWS Account ID alias. This is possible through the root account only. It makes sign-in easier for users: otherwise you have to enter the Account ID number every time you sign in as an IAM user, so an alias name is more convenient.
For IAM user login, you first enter the Account ID number or alias, then the username (not an email), and then the password.
GPT Notes