The AWS admin can grant full access to Amazon Simple Storage Service or the Amazon Elastic Compute Cloud, but there isn't a third platform for it. The security approach is more transparent and consistent than individually configuring account access. Amazon Web Services (AWS), as the name suggests, is the most comprehensively functioning and broadly adopted cloud service worldwide. AWS offers more than 200 fully featured services extended from globally functional data centers. Customers use many portals and platforms where tons of information is available; hence, controlling the same has become important with time. AWS, through IAM users, offers support to customers to gain control over what they can see and regulates the use of the platform’s resources and services. About IAM UserIdentity and Access Management (IAM) is a web service that helps users gain secure control access to the AWS pool of resources. Users can use it to centrally manage all kinds of permissions for controlling the AWS resources that revolve around user access issues. It helps control who is signed in through the account and who has been authorized or permitted to use the resources provided by the platform. Creating an AWS account is essential as it provides the user with one sign-in identity that has complete access to the services and resources linked to that particular account. This identity is called the root user, but it is not recommended for everyday tasks. Safeguarding the credentials is a requirement, as specific tasks can only be performed by the root user. Steps To Create An IAM User In Your AWS Account The process of creating a user and enabling the user to perform the work tasks is an easy job. The steps for the same are as follows: Creating A User From The AWS Management Console To create a user in AWS, you have to fill out a form, which is followed by receiving an access ID and a secret key to grant access. Step 1: Sign in to the AWS Management console as a ROOT user.Step 2: Click on the Services button, search for the IAM user, and click on the IAM user.Step 3: On the Left sidebar click on the Users link and click on Create User buttonStep 4: Then Specify user details for the IAM user.Step 5: Check on Providing user access to the AWS Management Console Checkbox and choose I want to create an IAM userStep 6: The next checks are up to you and then Click on the Next Button.Step 7: Add users to groups or you can create your own groups and select that and click on the Next ButtonStep 8: Now it will create an IAM User and show all details like username and password with Console Signin URL by which the user can sign in and access the AWS console.Note: After IAM user creation you can create its Access keys and add multiple securities like Multi-factor authentication. Create IAM User by CLIStep 1: Create the IAM Useraws iam create-user --user-name my-userStep 2: Attach a Policy to the Useraws iam attach-user-policy --user-name my-user --policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccessStep 3: Create Access Keys(Optional)aws iam create-access-key --user-name my-userResponse:{ "AccessKey": { "UserName": "my-user", "AccessKeyId": "AKIAIOSFODNN7EXAMPLE", "Status": "Active", "SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "CreateDate": "2024-06-04T15:00:00Z" } }Create IAM User by TerraformStep 1: Create the IAM user using the aws_iam_user resource.Step 2: Attach policies to grant the user permissions.Step 3: Optionally, create access keys if the user needs programmatic access to AWS services.provider "aws" { region = "us-west-2" # Specify your desired AWS region } # Step 1: Create IAM User resource "aws_iam_user" "example_user" { name = "terraform-user" tags = { Name = "Terraform User" } } # Step 2: Attach IAM Policy to User resource "aws_iam_user_policy" "example_user_policy" { name = "terraform-user-policy" user = aws_iam_user.example_user.name policy = jsonencode({ Version = "2012-10-17" Statement = [ { Action = "s3:*" Effect = "Allow" Resource = "*" }, { Action = "ec2:Describe*" Effect = "Allow" Resource = "*" } ] }) } # Step 3: Create Access Key (Optional) resource "aws_iam_access_key" "example_user_key" { user = aws_iam_user.example_user.name # Store the access key in the Terraform output (insecure) depends_on = [aws_iam_user.example_user] } # Step 4: Output Access Key and Secret (Optional) output "access_key" { value = aws_iam_access_key.example_user_key.id } output "secret_key" { value = aws_iam_access_key.example_user_key.secret sensitive = true }Step 4: terraform initStep 5: terraform validateStep 6: terraform applyUseful Commands for AWS IAM UserCommandDescriptionaws iam create-userCreates a new IAM user.aws iam get-userRetrieves information about a specific IAM user.aws iam list-usersLists all IAM users in the AWS account.aws iam update-userUpdates the name or path of an existing IAM user.aws iam delete-userDeletes an existing IAM user.aws iam create-login-profileCreates a password for the specified IAM user, giving the user the ability to access AWS services through the AWS Management Console.aws iam update-login-profileUpdates the password for the specified IAM user.aws iam delete-login-profileDeletes the password for the specified IAM user, removing their ability to access AWS services through the AWS Management Console.aws iam list-groups-for-userLists the IAM groups that the specified IAM user belongs to.aws iam add-user-to-groupAdds the specified IAM user to the specified IAM group.aws iam remove-user-from-groupRemoves the specified IAM user from the specified IAM group.aws iam create-access-keyCreates a new access key pair for the specified IAM user.aws iam list-access-keysLists the access keys associated with the specified IAM user.aws iam update-access-keyChanges the status (active or inactive) of the specified access key for the specified IAM user.aws iam delete-access-keyDeletes the specified access key for the specified IAM user.aws iam list-attached-user-policiesLists all managed policies attached to the specified IAM user.aws iam attach-user-policyAttaches the specified managed policy to the specified IAM user.aws iam detach-user-policyDetaches the specified managed policy from the specified IAM user.aws iam list-user-policiesLists all inline policies embedded in the specified IAM user.aws iam put-user-policyAdds or updates an inline policy document embedded in the specified IAM user.aws iam get-user-policyRetrieves the specified inline policy document embedded in the specified IAM user.aws iam delete-user-policyDeletes the specified inline policy document embedded in the specified IAM user.aws iam list-signed-certificatesLists the SSL certificates associated with the specified IAM user.aws iam update-signing-certificateChanges the status of the specified SSL certificate for the specified IAM user.aws iam upload-signing-certificateUploads an SSL certificate for the specified IAM user.aws iam delete-signing-certificateDeletes the specified SSL certificate for the specified IAM user.aws iam list-service-specific-credentialsLists the service-specific credentials associated with the specified IAM user.aws iam reset-service-specific-credential-secretResets the password for the specified service-specific credential associated with the specified IAM user.aws iam update-service-specific-credentialChanges the status (active or inactive) of the specified service-specific credential for the specified IAM user.aws iam delete-service-specific-credentialDeletes the specified service-specific credential for the specified IAM user.aws iam list-ssh-public-keysLists the SSH public keys associated with the specified IAM user.aws iam update-ssh-public-keyChanges the status of the specified SSH public key for the specified IAM user.aws iam upload-ssh-public-keyUploads an SSH public key for the specified IAM user.aws iam delete-ssh-public-keyDeletes the specified SSH public key for the specified IAM user.AWS - Meaning And Services To UsersAWS offers IAM users, which has expanded to include identity and access management. The offering helps customers gain control over who or what they can see and use the resources and services. Admins can help create users and groups and grant them access to different resources through policies. Policy-based access control helps enable granular allowance or denial of decisions from a centralized and common point of control. Amazon Web Services (AWS), as the name suggests, is the most comprehensively functioning and broadly adopted cloud service worldwide. AWS offers more than 200 fully featured services extended from globally functional data centers. AWS admins can rely on policies and guidelines rather than individual configurations. This helps set up security for all functional accounts on the platform. Also, admins tend to enjoy the benefit of programmatically creating and configuring users and their accounts. However, users can face issues related to the basics of AWS Identity and Access Management. The guide will help you get started with it and use it. Benefits Of AWS IAM userThe AWS IAM User benefits cloud users for the following reasons: There is a centralized portal for all identities and their access.The multifactor authentication complies with the security concerns on all user accounts.There are granular permissions through the platform policies. The sharing with others option grants limited access only.It is a free tool; however, AWS guarantees the resources used by the user accounts. Setting Up AWS User Credentials In The CLIThere’s another way of accessing the features of AWS IAM. You can use the AWS CLI to access the features. The AWS Command Line Interface (CLI) is another way that enables the admin to use the shell they want, or the CLI can interact with the AWS services. The options are either Linux distribution or shell. The guide covers a Bash shell running on the Ubuntu Linux distribution. The steps are as follows: You must install the AWS CLI on your system and begin using the command in the Bash terminal. Next, you have to run the AWS configuration command present in the shell, which will help you quickly set up the access key and secret ID access that will be obtained from AWS. It is obtained after you complete the above-mentioned set of steps. Your credentials are saved in a local file. The CLI-user programmatic access is set up after completing these steps. You can create an account for creating other users and also choose to give them policy-based access through the AWS CLI. To create a user using IAM, you have to run the AWS IAM create-user command. You must ensure that you run it with a legitimate username. This command helps create a new user, and you'll also get the required details in the bash console. You have to identify the appropriate policies to determine the user's access level. You have to pass commands to get full access to the user. You have to check the user details. Also, don't forget to glance at the list of user permissions granted after following all the steps. After creating the user and attaching the apt user policy, you should not forget to verify that the AWS assigned is done correctly. You can do a quick check by glancing at the user details. The list-users command will help you check it. Also, you can use the attached policies command to check the entire list of attached policies for any particular user account. Common Issues & Troubleshooting while creating IAM User in AWSPermission Errors:Issue: Access denied errors.Solution: Ensure policies are correctly attached and the principle of least privilege is applied.MFA Setup Problems:Issue: MFA is not working.Solution: Verify MFA device setup and synchronization with AWS.Credential Management:Issue: Lost access keys.Solution: Rotate keys regularly and securely store them.Policy Conflicts:Issue: Overlapping policies causing unexpected behavior.Solution: Review and simplify policies, removing redundancies.User Lifecycle Management:Issue: Users are not deactivated.Solution: Implement a regular audit and deactivation process.Best Practices for IAM UsersUse Multi-Factor Authentication (MFA): Enable MFA for all IAM users to add an extra layer of security.Principle of Least Privilege: Grant users only necessary access.Regular Audits: Perform regular audits of IAM policies and user permissions to ensure compliance and detect any issues.Strong Password Policies: Create strong password policies, including complexity requirements and regular password changes.Monitor Activity: Use AWS CloudTrail to monitor and logs of user activity for security.Conclusion - IAM userThe best IAM practices suggest the need for human users to use the federation with an identity provider that helps to get access to temporary credentials. It is a step that helps use the information when needed and not use the IAM users with long-term credentials. Creating an IAM user in the AWS account is easy if you cater to the requirements and follow the steps diligently. The guide will help you successfully make and operate your user account based on the requirements. Read Morehttps://devopsden.io/article/what-is-aws-and-how-it-worksFollow us onhttps://www.linkedin.com/company/devopsden/
