Devops

How to Create IAM User in AWS?

Description of the image

The AWS admin can grant full access to Amazon Simple Storage Service or the Amazon Elastic Compute Cloud, but there isn't a third platform for it. The security approach is more transparent and consistent than individually configuring account access. 

Amazon Web Services (AWS), as the name suggests, is the most comprehensively functioning and broadly adopted cloud service worldwide. AWS offers more than 200 fully featured services extended from globally functional data centers. 

Customers use many portals and platforms where tons of information is available; hence, controlling the same has become important with time. AWS, through IAM users, offers support to customers to gain control over what they can see and regulates the use of the platform’s resources and services. 

About IAM User

Identity and Access Management (IAM) is a web service that helps users gain secure control access to the AWS pool of resources. Users can use it to centrally manage all kinds of permissions for controlling the AWS resources that revolve around user access issues. It helps control who is signed in through the account and who has been authorized or permitted to use the resources provided by the platform. 

Creating an AWS account is essential as it provides the user with one sign-in identity that has complete access to the services and resources linked to that particular account. This identity is called the root user, but it is not recommended for everyday tasks. Safeguarding the credentials is a requirement, as specific tasks can only be performed by the root user. 

Steps To Create An IAM User In Your AWS Account 

The process of creating a user and enabling the user to perform the work tasks is an easy job. The steps for the same are as follows: 

Creating A User From The AWS Management Console 

To create a user in AWS, you have to fill out a form, which is followed by receiving an access ID and a secret key to grant access. 

Step 1: Sign in to the AWS Management console as a ROOT user.

Step 2: Click on the Services button, search for the IAM user, and click on the IAM user.

Click on the Services button, search for the IAM user

Step 3: On the Left sidebar click on the Users link and click on Create User button

Step 4: Then Specify user details for the IAM user.

Specify user details

Step 5: Check on Providing user access to the AWS Management Console Checkbox and choose I want to create an IAM user

Providing user access to the AWS Management Console

Step 6: The next checks are up to you and then Click on the Next Button.

Next Button.

Step 7: Add users to groups or you can create your own groups and select that and click on the Next Button

Add users to groups

Step 8: Now it will create an IAM User and show all details like username and password with Console Signin URL by which the user can sign in and access the AWS console.

access the AWS console.

Note: After IAM user creation you can create its Access keys and add multiple securities like Multi-factor authentication.

 

Create IAM User by CLI

Step 1: Create the IAM User

aws iam create-user --user-name my-user

Step 2: Attach a Policy to the User

aws iam attach-user-policy --user-name my-user --policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess

Step 3: Create Access Keys(Optional)

aws iam create-access-key --user-name my-user

Response:

{
    "AccessKey": {
        "UserName": "my-user",
        "AccessKeyId": "AKIAIOSFODNN7EXAMPLE",
        "Status": "Active",
        "SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
        "CreateDate": "2024-06-04T15:00:00Z"
    }
}

Useful Commands for AWS IAM User

CommandDescription
aws iam create-user
Creates a new IAM user.
aws iam get-user
Retrieves information about a specific IAM user.
aws iam list-users
Lists all IAM users in the AWS account.
aws iam update-user
Updates the name or path of an existing IAM user.
aws iam delete-user
Deletes an existing IAM user.
aws iam create-login-profile
Creates a password for the specified IAM user, giving the user the ability to access AWS services through the AWS Management Console.
aws iam update-login-profile
Updates the password for the specified IAM user.
aws iam delete-login-profile
Deletes the password for the specified IAM user, removing their ability to access AWS services through the AWS Management Console.
aws iam list-groups-for-user
Lists the IAM groups that the specified IAM user belongs to.
aws iam add-user-to-group
Adds the specified IAM user to the specified IAM group.
aws iam remove-user-from-group
Removes the specified IAM user from the specified IAM group.
aws iam create-access-key
Creates a new access key pair for the specified IAM user.
aws iam list-access-keys
Lists the access keys associated with the specified IAM user.
aws iam update-access-key
Changes the status (active or inactive) of the specified access key for the specified IAM user.
aws iam delete-access-key
Deletes the specified access key for the specified IAM user.
aws iam list-attached-user-policies
Lists all managed policies attached to the specified IAM user.
aws iam attach-user-policy
Attaches the specified managed policy to the specified IAM user.
aws iam detach-user-policy
Detaches the specified managed policy from the specified IAM user.
aws iam list-user-policies
Lists all inline policies embedded in the specified IAM user.
aws iam put-user-policy
Adds or updates an inline policy document embedded in the specified IAM user.
aws iam get-user-policy
Retrieves the specified inline policy document embedded in the specified IAM user.
aws iam delete-user-policy
Deletes the specified inline policy document embedded in the specified IAM user.
aws iam list-signed-certificates
Lists the SSL certificates associated with the specified IAM user.
aws iam update-signing-certificate
Changes the status of the specified SSL certificate for the specified IAM user.
aws iam upload-signing-certificate
Uploads an SSL certificate for the specified IAM user.
aws iam delete-signing-certificate
Deletes the specified SSL certificate for the specified IAM user.
aws iam list-service-specific-credentials
Lists the service-specific credentials associated with the specified IAM user.
aws iam reset-service-specific-credential-secret
Resets the password for the specified service-specific credential associated with the specified IAM user.
aws iam update-service-specific-credential
Changes the status (active or inactive) of the specified service-specific credential for the specified IAM user.
aws iam delete-service-specific-credential
Deletes the specified service-specific credential for the specified IAM user.
aws iam list-ssh-public-keys
Lists the SSH public keys associated with the specified IAM user.
aws iam update-ssh-public-key
Changes the status of the specified SSH public key for the specified IAM user.
aws iam upload-ssh-public-key
Uploads an SSH public key for the specified IAM user.
aws iam delete-ssh-public-key
Deletes the specified SSH public key for the specified IAM user.

AWS - Meaning And Services To Users

AWS offers IAM users, which has expanded to include identity and access management. The offering helps customers gain control over who or what they can see and use the resources and services. Admins can help create users and groups and grant them access to different resources through policies. Policy-based access control helps enable granular allowance or denial of decisions from a centralized and common point of control. 

Amazon Web Services (AWS), as the name suggests, is the most comprehensively functioning and broadly adopted cloud service worldwide. AWS offers more than 200 fully featured services extended from globally functional data centers. 

AWS admins can rely on policies and guidelines rather than individual configurations. This helps set up security for all functional accounts on the platform. Also, admins tend to enjoy the benefit of programmatically creating and configuring users and their accounts. 

However, users can face issues related to the basics of AWS Identity and Access Management. 

The guide will help you get started with it and use it. 

Benefits Of AWS IAM user

The AWS IAM User benefits cloud users for the following reasons: 

  1. There is a centralized portal for all identities and their access.
  2. The multifactor authentication complies with the security concerns on all user accounts.
  3. There are granular permissions through the platform policies. 
  4. The sharing with others option grants limited access only.

It is a free tool; however, AWS guarantees the resources used by the user accounts. 

Setting Up AWS User Credentials In The CLI

There’s another way of accessing the features of AWS IAM. You can use the AWS CLI to access the features. The AWS Command Line Interface (CLI) is another way that enables the admin to use the shell they want, or the CLI can interact with the AWS services. The options are either Linux distribution or shell. The guide covers a Bash shell running on the Ubuntu Linux distribution. The steps are as follows: 

  1. You must install the AWS CLI on your system and begin using the command in the Bash terminal. 
     
  2. Next, you have to run the AWS configuration command present in the shell, which will help you quickly set up the access key and secret ID access that will be obtained from AWS. It is obtained after you complete the above-mentioned set of steps. Your credentials are saved in a local file. 
     
  3. The CLI-user programmatic access is set up after completing these steps. You can create an account for creating other users and also choose to give them policy-based access through the AWS CLI.
     
  4. To create a user using IAM, you have to run the AWS IAM create-user command. You must ensure that you run it with a legitimate username. This command helps create a new user, and you'll also get the required details in the bash console. 
     
  5. You have to identify the appropriate policies to determine the user's access level. You have to pass commands to get full access to the user.  
     
  6. You have to check the user details. Also, don't forget to glance at the list of user permissions granted after following all the steps. After creating the user and attaching the apt user policy, you should not forget to verify that the AWS assigned is done correctly. 
     
  7. You can do a quick check by glancing at the user details. The list-users command will help you check it. Also, you can use the attached policies command to check the entire list of attached policies for any particular user account. 

Common Issues & Troubleshooting while creating  IAM User in AWS

Permission Errors:

  • Issue: Access denied errors.
  • Solution: Ensure policies are correctly attached and the principle of least privilege is applied.

MFA Setup Problems:

  • Issue: MFA is not working.
  • Solution: Verify MFA device setup and synchronization with AWS.

Credential Management:

  • Issue: Lost access keys.
  • Solution: Rotate keys regularly and securely store them.

Policy Conflicts:

  • Issue: Overlapping policies causing unexpected behavior.
  • Solution: Review and simplify policies, removing redundancies.

User Lifecycle Management:

  • Issue: Users are not deactivated.
  • Solution: Implement a regular audit and deactivation process.

Best Practices for IAM Users

Use Multi-Factor Authentication (MFA): Enable MFA for all IAM users to add an extra layer of security.

Principle of Least Privilege: Grant users only necessary access.

Regular Audits: Perform regular audits of IAM policies and user permissions to ensure compliance and detect any issues.

Strong Password Policies: Create strong password policies, including complexity requirements and regular password changes.

Monitor Activity: Use AWS CloudTrail to monitor and logs of user activity for security.

Conclusion  - IAM user

The best IAM practices suggest the need for human users to use the federation with an identity provider that helps to get access to temporary credentials. It is a step that helps use the information when needed and not use the IAM users with long-term credentials. Creating an IAM user in the AWS account is easy if you cater to the requirements and follow the steps diligently. The guide will help you successfully make and operate your user account based on the requirements. 

Read More
https://devopsden.io/article/what-is-aws-and-how-it-works

Follow us on

https://www.linkedin.com/company/devopsden/

Table of Contents

    Subscribe to Us

    Always Get Notified