HOW TO CREATE AN IAM (Identity and Access Management) USER IN AWS CONSOLE

INTRODUCTION:

AWS Identity and Access Management (IAM) enables you to control access to AWS services and resources securely. An IAM user is an entity you create in AWS to represent the person or service that uses it to interact with AWS. Creating IAM users with the least privilege is a fundamental part of following security best practices in AWS.

PREREQUISITES:

Before you create an IAM user, make sure you have the following:

1. AWS Account: You need to have an AWS account with admin access.

2. Administrator Access: The user or role you are using to create new IAM users must have appropriate permissions (AdministratorAccess or specific IAM permissions like IAM: CreateUser, IAM: AttachUserPolicy, etc.).

Step 1: Sign in to the AWS Management Console

• Go to https://aws.amazon.com/console/
• Sign in with your root or IAM user credentials that have permissions to manage IAM

Step 2: Navigate to IAM Service

From the AWS Console home, search for IAM in the search bar and select IAM from the services list.

Step 3: Go to Users

• On the left sidebar, click on Users.
• Click on the “Add users” button.

Step 4: Set User Details

1. Enter a user name (e.g., developer-user).

2. Select the access type:

• Programmatic access: Required for CLI, SDK, and API access.
• AWS Management Console access: Required for web interface access.
• You can enable one or both based on the use case.

3. Set a custom password or let AWS generate one (if console access is enabled).

4. Click Next: Permissions.

Step 5: Set Permissions

You have three options:

1. Add user to group (recommended): Choose an existing group with policies (e.g., Admin, Developer).
2. Copy permissions from the existing user.
3. Attach policies directly: Select from a list of AWS-managed or custom policies like AmazonS3ReadOnlyAccess.

Step 6: Add Tags (Optional)

• Add metadata as key-value pairs (e.g., Department: DevOps).
• Click Next: Review.

Step 7: Review and Create

• Review all settings.
• Click on Create user.

Step 8: Save User Credentials

• After the user is created, you will see the Access key ID, Secret access key, and password if applicable.
• Download the .csv file or copy it securely.  Note: You won’t be able to view the secret key again, so store it securely.

CONCLUSION:

Creating IAM users is a critical part of managing AWS securely and effectively. By assigning users with only the permissions they need and avoiding the use of root credentials, you follow best practices in cloud security. Always apply the Principle of Least Privilege, use IAM groups for easier permission management, and enable MFA for better account protection.