Demo Create IAM User

In this tutorial, you’ll learn how to create a new IAM user in AWS, verify console access, and configure AWS CLI credentials using AWS CloudShell. We’ll use john as our example user.

Prerequisites

You must be signed in to the AWS Management Console with an account or IAM user that has administrator privileges.


1. Access the IAM Console

  1. Sign in to the AWS Management Console.
  2. In the search bar, type IAM and select Identity and Access Management.
  3. On the IAM dashboard, review any security recommendations (e.g., enabling MFA).

The image shows an AWS Identity and Access Management (IAM) dashboard with security recommendations, including adding multi-factor authentication (MFA) for the root user and the current user. It also mentions an extended deadline for updating access permissions.

  4. In the left navigation pane, click Users to view existing IAM users.

2. Create a New IAM User

  1. Click Add users.
  2. Enter john as the User name.
  3. Under Select AWS access type, choose one or both of the following:
     Access Type                   | Description
     AWS Management Console access | Enables web console sign-in
     Programmatic access           | Generates access keys for CLI/SDK interaction

The image shows an AWS IAM user creation page where user details are being specified, including a username field filled with "john."

  4. For Console password, select Custom password and enter your desired password.

The image shows a section of the AWS IAM console where a user is setting a console password, with options for autogenerated or custom passwords and password requirements.

  5. Enable Require password reset to force john to set a new password at first sign-in.

The image shows an AWS IAM console screen for setting user permissions, with options to add a user to a group, copy permissions, or attach policies directly.

  6. On the Set permissions page, assign policies or skip this step to configure permissions later.
  7. Click Next until you reach the Review page, verify all settings, then click Create user.
  8. Choose Return to users.

The image shows an AWS IAM user creation page, displaying user details and permissions summary for a user named "john."


3. Test the Console Sign-In

  1. Open a private/incognito browser window.
  2. Navigate to https://aws.amazon.com and click Sign In.
  3. Select IAM user, enter your AWS account ID, then click Next.
  4. Provide Username: john and the initial password you set.

The image shows an AWS IAM console with a notification indicating a user was created successfully. It lists three users: amin, john, and kodekloud, along with their details.

  5. You’ll be prompted to change the password:

The image shows an AWS sign-in page for IAM users, with fields for account ID, username, and password, alongside an advertisement for AWS Training and Certification.

  6. Enter the old password, choose a new one, and confirm.

The image shows an AWS password change page where a user is prompted to enter their old password, new password, and confirm the new password. There is a button labeled "Confirm password change."

After confirmation, you will be signed in as john.


4. Configure AWS CLI for the New User

Next, we’ll set up AWS CLI credentials in CloudShell for the john profile.

  1. From the AWS Console, open CloudShell.
  2. Verify your current identity (should show your admin user, e.g., kodekloud):
aws sts get-caller-identity
{
  "UserId": "AIDAZFD2ZUTSVCJWCHYKF",
  "Account": "629470240221",
  "Arn": "arn:aws:iam::629470240221:user/kodekloud"
}
  3. Create access keys for john:
    • In IAM Console, go to Users > john.
    • Select the Security credentials tab.
    • Under Access keys, click Create access key.
    • For Use case, pick Command line interface and proceed.
    • Copy the Access key ID and Secret access key.

The image shows an AWS IAM console screen where an access key has been created. It includes a notification about the access key and best practices for managing it.

Warning

Keep the secret access key confidential. Do not commit it to version control or share it.

  4. Back in CloudShell, configure a dedicated profile:
aws configure --profile john

When prompted, enter:

  • AWS Access Key ID: <paste access key ID>
  • AWS Secret Access Key: <paste secret key>
  • Default region name: us-west-2 (or your preferred region)
  • Default output format: (leave blank or choose json)
  5. Validate the john profile:
aws sts get-caller-identity --profile john
{
  "UserId": "AIDAZFD2ZUTS3DCUVP",
  "Account": "629470240221",
  "Arn": "arn:aws:iam::629470240221:user/john"
}
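
The validation in the last step can be scripted so that a profile pointing at the wrong user, the wrong account, or the root identity is caught before it is used. This is an added example, not part of the original tutorial: the function names classify_arn, check_identity and verify_profile are hypothetical, and the account ID and user names are the ones from the outputs shown above.

```bash
#!/bin/sh
# Added example: confirm a CLI profile resolves to the intended IAM user.
# Function names are hypothetical; the account ID and user names come from
# the get-caller-identity outputs shown in this tutorial.

# classify_arn ARN -> prints "<account> <kind> <name>"; returns 1 if unrecognised.
classify_arn() {
  case $1 in
    arn:*:iam::*:root)           kind=root ;;
    arn:*:iam::*:user/*)         kind=user ;;
    arn:*:sts::*:assumed-role/*) kind=assumed-role ;;
    *) return 1 ;;
  esac
  rest=${1#arn:*:*::}          # "<account>:<resource>"
  account=${rest%%:*}
  resource=${rest#*:}
  case $kind in
    assumed-role) name=${resource#*/}; name=${name%%/*} ;;  # role name
    *)            name=${resource##*/} ;;                   # last path element
  esac
  printf '%s %s %s\n' "$account" "$kind" "$name"
}

# check_identity ARN ACCOUNT USER -> 0 only for that IAM user in that account.
check_identity() {
  info=$(classify_arn "$1") || { echo "unrecognised ARN: $1" >&2; return 2; }
  if [ "$info" != "$2 user $3" ]; then
    echo "expected '$2 user $3', got '$info'" >&2
    return 1
  fi
}

# verify_profile PROFILE ACCOUNT USER -> asks STS who the profile really is.
verify_profile() {
  arn=$(aws sts get-caller-identity --profile "$1" \
          --query Arn --output text) || return 2
  check_identity "$arn" "$2" "$3"
}

# In CloudShell: verify_profile john 629470240221 john && echo "profile OK"
```

Without --profile, CloudShell commands run as the signed-in console identity (kodekloud in the first output above), which is why verify_profile always names the profile explicitly.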

You have now successfully created an IAM user, tested console sign-in, and configured AWS CLI access for john.

