> ## Documentation Index
> Fetch the complete documentation index at: https://notes.kodekloud.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Demo Create IAM User

> This tutorial teaches how to create an IAM user in AWS, verify console access, and configure AWS CLI credentials.

In this tutorial, you’ll learn how to create a new IAM user in AWS, verify console access, and configure AWS CLI credentials using AWS CloudShell. We’ll use `john` as our example user.

<Callout icon="lightbulb" color="#1CB2FE">
  You must be signed in to the AWS Management Console with an account or IAM user that has administrator privileges.
</Callout>

***

## 1. Access the IAM Console

1. Sign in to the [AWS Management Console](https://aws.amazon.com/console/).
2. In the search bar, type **IAM** and select **Identity and Access Management**.
3. On the IAM dashboard, review any security recommendations (e.g., enabling MFA).

<Frame>
  ![The image shows an AWS Identity and Access Management (IAM) dashboard with security recommendations, including adding multi-factor authentication (MFA) for the root user and the current user. It also mentions an extended deadline for updating access permissions.](https://kodekloud.com/kk-media/image/upload/v1752863006/notes-assets/images/AWS-IAM-Demo-Create-IAM-User/aws-iam-dashboard-security-recommendations.jpg)
</Frame>

4. In the left navigation pane, click **Users** to view existing IAM users.

***

## 2. Create a New IAM User

1. Click **Add users**.
2. Enter **john** as the **User name**.
3. Under **Select AWS access type**, choose one or both of the following:

| Access Type                   | Description                                   |
| ----------------------------- | --------------------------------------------- |
| AWS Management Console access | Enables web console sign-in                   |
| Programmatic access           | Generates access keys for CLI/SDK interaction |

<Frame>
  ![The image shows an AWS IAM user creation page where user details are being specified, including a username field filled with "john."](https://kodekloud.com/kk-media/image/upload/v1752863007/notes-assets/images/AWS-IAM-Demo-Create-IAM-User/aws-iam-user-creation-john-details.jpg)
</Frame>

4. For **Console password**, select **Custom password** and enter your desired password.

<Frame>
  ![The image shows a section of the AWS IAM console where a user is setting a console password, with options for autogenerated or custom passwords and password requirements.](https://kodekloud.com/kk-media/image/upload/v1752863008/notes-assets/images/AWS-IAM-Demo-Create-IAM-User/aws-iam-console-password-settings.jpg)
</Frame>

5. Enable **Require password reset** to force `john` to set a new password at first sign-in.

<Frame>
  ![The image shows an AWS IAM console screen for setting user permissions, with options to add a user to a group, copy permissions, or attach policies directly.](https://kodekloud.com/kk-media/image/upload/v1752863009/notes-assets/images/AWS-IAM-Demo-Create-IAM-User/aws-iam-console-user-permissions-screen.jpg)
</Frame>

6. On the **Set permissions** page, assign policies or skip this step to configure permissions later.
7. Click **Next** until you reach the **Review** page, verify all settings, then click **Create user**.
8. Choose **Return to users**.

<Frame>
  ![The image shows an AWS IAM user creation page, displaying user details and permissions summary for a user named "john."](https://kodekloud.com/kk-media/image/upload/v1752863010/notes-assets/images/AWS-IAM-Demo-Create-IAM-User/aws-iam-user-creation-john-details-2.jpg)
</Frame>

***

## 3. Test the Console Sign-In

1. Open a private/incognito browser window.
2. Navigate to [https://aws.amazon.com](https://aws.amazon.com) and click **Sign In**.
3. Select **IAM user**, enter your AWS account ID, then click **Next**.
4. Provide **Username**: `john` and the initial password you set.

<Frame>
  ![The image shows an AWS IAM console with a notification indicating a user was created successfully. It lists three users: amin, john, and kodekloud, along with their details.](https://kodekloud.com/kk-media/image/upload/v1752863012/notes-assets/images/AWS-IAM-Demo-Create-IAM-User/aws-iam-console-user-created-notification.jpg)
</Frame>

5. You’ll be prompted to change the password:

<Frame>
  ![The image shows an AWS sign-in page for IAM users, with fields for account ID, username, and password, alongside an advertisement for AWS Training and Certification.](https://kodekloud.com/kk-media/image/upload/v1752863013/notes-assets/images/AWS-IAM-Demo-Create-IAM-User/aws-iam-signin-page-training-advertisement.jpg)
</Frame>

6. Enter the old password, choose a new one, and confirm.

<Frame>
  ![The image shows an AWS password change page where a user is prompted to enter their old password, new password, and confirm the new password. There is a button labeled "Confirm password change."](https://kodekloud.com/kk-media/image/upload/v1752863014/notes-assets/images/AWS-IAM-Demo-Create-IAM-User/aws-password-change-page-form.jpg)
</Frame>

After confirmation, you will be signed in as `john`.

***

## 4. Configure AWS CLI for the New User

Next, we’ll set up AWS CLI credentials in CloudShell for the `john` profile.

1. From the AWS Console, open **CloudShell**.
2. Verify your current identity (should show your admin user, e.g., `kodekloud`):

```bash theme={null}
aws sts get-caller-identity
```

```json theme={null}
{
  "UserId": "AIDAZFD2ZUTSVCJWCHYKF",
  "Account": "629470240221",
  "Arn": "arn:aws:iam::629470240221:user/kodekloud"
}
```

3. Create access keys for `john`:
   * In IAM Console, go to **Users** > **john**.
   * Select the **Security credentials** tab.
   * Under **Access keys**, click **Create access key**.
   * For **Use case**, pick **Command line interface** and proceed.
   * Copy the **Access key ID** and **Secret access key**.

<Frame>
  ![The image shows an AWS IAM console screen where an access key has been created. It includes a notification about the access key and best practices for managing it.](https://kodekloud.com/kk-media/image/upload/v1752863015/notes-assets/images/AWS-IAM-Demo-Create-IAM-User/aws-iam-console-access-key-notification.jpg)
</Frame>

<Callout icon="triangle-alert" color="#FF6B6B">
  Keep the secret access key confidential. Do not commit it to version control or share it.
</Callout>

4. Back in CloudShell, configure a dedicated profile:

```bash theme={null}
aws configure --profile john
```

When prompted, enter:

* AWS Access Key ID: `<paste access key ID>`
* AWS Secret Access Key: `<paste secret key>`
* Default region name: `us-west-2` (or your preferred region)
* Default output format: *(leave blank or choose `json`)*

5. Validate the `john` profile:

```bash theme={null}
aws sts get-caller-identity --profile john
```

```json theme={null}
{
  "UserId": "AIDAZFD2ZUTS3DCUVP",
  "Account": "629470240221",
  "Arn": "arn:aws:iam::629470240221:user/john"
}
```

You have now successfully created an IAM user, tested console sign-in, and configured AWS CLI access for `john`.

***

## Links and References

* [AWS IAM Documentation](https://docs.aws.amazon.com/iam/)
* [Managing Access Keys for IAM Users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html)
* [AWS CLI User Guide](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html)

<CardGroup>
  <Card title="Watch Video" icon="video" cta="Learn more" href="https://learn.kodekloud.com/user/courses/aws-iam/module/84a65700-7455-4ad8-aeb5-27dfaf07b8cc/lesson/175fe8de-662f-4edb-97e7-8af63f066f38" />
</CardGroup>