Create IAM Users and Groups in AWS

An IAM user is basically an AWS customer or a person or application that authenticates with individual identities and interact with AWS services. An IAM user consists of a name and credentials. The credentials could be of either password or Access keys types. If you are new to IAM, then refer What is IAM and How IAM works

In this article, we would discuss below topics

  • Create Users
  • Create Groups
  • Assign Users to Groups

Create Users

1. Sign into AWS Console (link) and Search IAM Service

2. Open IAM Dashboard and click on Users

3. Click on Add Users

4. Enter Set User Details

In this article, we are going to create two users 1. Admin User 2. Testing User

AWS IAM allows to you to create one or more users at a time.

User Name – Each user is identified with unique user name

Access Types – AWS lets you to chose access types for the newly created user.

  • Programmatic Access – With this AWS generates unique pair of Access Keys and Secret Keys for each user and this is useful for interacting with AWS services using CLI, SDK’s and other Development tools
  • AWS Console Access – With this, the user would be able to access the AWS console via password authentication.

As we don’t need the AWS keys for now, so lets proceed with AWS console access

Console Password – AWS allows you to use a custom password for user at the time of creation or you could opt for Autogenerated password

Require Password Reset – By default, this is enabled. So that at next log-in AWS would ask to user for resetting the password.

5. Click on Permissions

Here, you could directly Add an user to a group or could copy permissions from existing user or could attach existing policies directly.

You could directly create groups and assign permissions here. This is more useful while creating a Single user. Lets follow the topic order and create user now. We would create group in next section of this article.

6. Click on Tags

This is optional. However, you could add a key-value pair name for your user information which could be wither an email address or work role.

7. Click on Review and then click on Create User

This would create two users in your IAM account and AWS would generate Autogenerated passwords for the users.

Create Groups

We would create two groups here one for Admin user and secondly for Testing user and grant permission for s3 services based on user’s role.

Create Group with s3 Admin Permission

1. Go to IAM Dashboard and Select Groups

2. Click on Create New Group.

Provide a Group Name with a meaningful name for group type identification. Group name could be edited at anytime

3. Attach Policy to your Group and click on Next

Search with s3 and select s3FullAccess.

4. Click on Review

Review the details and click on Create group to create your first admin group for s3 service

Create Group with s3 Read Permission

Follow the above steps to create a group with s3 read permission.

Here select the policy as Amazons3ReadOnly Access for group creation

Now both groups are ready. We would proceed and add users into the respective groups in next section

Add Users to Groups

AWS lets you to add users to groups in both way. That means, you could select the user and then proceed with add users to groups. Otherwise, you could select the group from dashboard and then proceed with add users to groups. We would follow the group approach here

1. Go to IAM Dashboard and Select Group

2. Add Users to groups

Select your User as per work role and then click on Add Users

Now follow the same process to add your testing user to s3ReadOnly group

Now you are all set with your user creation and group association.

The IAM users now would able to access s3 service as per their permissions. I hope this article helps.

Please comment below for any questions related to this blog.

Leave a Reply

%d bloggers like this: