Beta

AWS - IAM

Introduction to AWS Identity and Access Management

IAM Users

In this lesson, you’ll learn how to set up IAM users and grant them access to AWS services. An IAM user can interact with AWS through the Management Console, AWS CLI, or SDKs, based on the permissions you attach.

Why IAM User Permissions Matter

Note

By default, a newly created IAM user has no permissions. You must attach policies to grant access.

AWS Services and CLI Examples

ServiceDescriptionCLI Example
Amazon EC2Virtual machines in the cloudaws ec2 describe-instances
Amazon RDSManaged relational databasesaws rds describe-db-instances
Amazon EKSKubernetes clustersaws eks list-clusters
AWS LambdaServerless compute for codeaws lambda list-functions
Amazon DynamoDBFast NoSQL databaseaws dynamodb list-tables
Amazon S3Object storage for filesaws s3 ls s3://your-bucket
Elastic Load Balancing (ELB)Distribute incoming trafficaws elb describe-load-balancers
Amazon Route 53Scalable DNS serviceaws route53 list-hosted-zones
Amazon VPCIsolated virtual networksaws ec2 describe-vpcs
Amazon SNSPub/Sub messaging and notificationsaws sns list-topics

Methods to Attach IAM Policies

You can grant AWS permissions by attaching policies to:

  • IAM Users: Directly attach policies to the user.
  • IAM Groups: Assign users to groups; they inherit group policies.
  • IAM Roles: Allow users or services to assume roles with temporary credentials.

Creating an IAM User

1. Using the AWS Management Console

  1. Sign in to the AWS Management Console.
  2. Navigate to IAM > Users > Add users.
  3. Enter a User name and select the access type:
    • Programmatic access (for AWS CLI/SDK).
    • AWS Management Console access (for web console).
  4. Click Next: Permissions and choose how to assign permissions:
    • Add user to group
    • Attach existing policies directly
    • Copy permissions from existing user
  5. Review and create the user. Download or copy the Access Key ID and Secret Access Key.

2. Using the AWS CLI

Create an IAM user:

aws iam create-user --user-name alice

Generate access keys for programmatic access:

aws iam create-access-key --user-name alice

Attach a policy (e.g., AmazonS3ReadOnlyAccess):

aws iam attach-user-policy \
  --user-name alice \
  --policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess

Warning

Store your Access Key ID and Secret Access Key securely. Treat them like password credentials.

Next Steps

After creating IAM users and attaching policies, consider:

  • Enforcing Multi-Factor Authentication (MFA) for console users.
  • Rotating access keys regularly.
  • Applying the principle of least privilege.

Watch Video

Watch video content

Previous
Demo Creating AWS Account
Next
Demo Create IAM User