An IAM user is basically an AWS customer or a person or application that authenticates with individual identities and interact with AWS services. An IAM user consists of a name and credentials. The credentials could be of either password or Access keys types. If you are new to IAM, then refer What is IAM and How IAM works
In this article, we would discuss below topics
- Create Users
- Create Groups
- Assign Users to Groups
1. Sign into AWS Console (link) and Search IAM Service
2. Open IAM Dashboard and click on Users
3. Click on Add Users
4. Enter Set User Details
In this article, we are going to create two users 1. Admin User 2. Testing User
AWS IAM allows to you to create one or more users at a time.
User Name – Each user is identified with unique user name
Access Types – AWS lets you to chose access types for the newly created user.
- Programmatic Access – With this AWS generates unique pair of Access Keys and Secret Keys for each user and this is useful for interacting with AWS services using CLI, SDK’s and other Development tools
- AWS Console Access – With this, the user would be able to access the AWS console via password authentication.
As we don’t need the AWS keys for now, so lets proceed with AWS console access
Console Password – AWS allows you to use a custom password for user at the time of creation or you could opt for Autogenerated password
Require Password Reset – By default, this is enabled. So that at next log-in AWS would ask to user for resetting the password.
5. Click on Permissions
Here, you could directly Add an user to a group or could copy permissions from existing user or could attach existing policies directly.
You could directly create groups and assign permissions here. This is more useful while creating a Single user. Lets follow the topic order and create user now. We would create group in next section of this article.
6. Click on Tags
This is optional. However, you could add a key-value pair name for your user information which could be wither an email address or work role.
7. Click on Review and then click on Create User
This would create two users in your IAM account and AWS would generate Autogenerated passwords for the users.
We would create two groups here one for Admin user and secondly for Testing user and grant permission for s3 services based on user’s role.
Create Group with s3 Admin Permission
1. Go to IAM Dashboard and Select Groups
2. Click on Create New Group.
Provide a Group Name with a meaningful name for group type identification. Group name could be edited at anytime
3. Attach Policy to your Group and click on Next
Search with s3 and select s3FullAccess.
4. Click on Review
Review the details and click on Create group to create your first admin group for s3 service
Create Group with s3 Read Permission
Follow the above steps to create a group with s3 read permission.
Here select the policy as Amazons3ReadOnly Access for group creation
Now both groups are ready. We would proceed and add users into the respective groups in next section
Add Users to Groups
AWS lets you to add users to groups in both way. That means, you could select the user and then proceed with add users to groups. Otherwise, you could select the group from dashboard and then proceed with add users to groups. We would follow the group approach here
1. Go to IAM Dashboard and Select Group
2. Add Users to groups
Select your User as per work role and then click on Add Users
Now follow the same process to add your testing user to s3ReadOnly group
Now you are all set with your user creation and group association.
The IAM users now would able to access s3 service as per their permissions. I hope this article helps.
Please comment below for any questions related to this blog.