Creating IAM Users (Console) made easy
This guide explains how to create IAM users in Amazon AWS using the AWS Management Console.
To create one or more IAM users (console)
Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
In the navigation pane, choose Users and then choose Add user. You can also check out how to create an Amazon IAM user with the AWS CLI (Command Line Interface).
Type the user name for the new user. This is the sign-in name for AWS. If you want to add more than one user at the same time, choose Add another user for each additional user and type their user names. You can add up to 10 users at one time.
Note: User names can be a combination of up to 64 letters, digits, and these characters: plus (+), equal (=), comma (,), period (.), at sign (@), and hyphen (-). Names must be unique within an account. They are not distinguished by case. For example, you cannot create two users named TESTUSER and testuser.
For more information about limitations on IAM entities, see Limitations on IAM Entities and Objects.
Select the type of access this set of users will have. You can select programmatic access, access to the AWS Management Console, or both.
- Select Programmatic access if the users require access to the API, AWS CLI, or Tools for Windows PowerShell. This creates an access key for each new user. You can view or download the access keys when you get to the Final page.
- Select AWS Management Console access if the users require access to the AWS Management Console. This creates a password for each new user.
a. For Console password, choose one of the following:
- Autogenerated password. Each user gets a randomly generated password that meets the account password policy in effect (if any). You can view or download the passwords when you get to the Final page.
- Custom password. Each user is assigned the password that you type in the box.
b. (Optional) We recommend that you select Require password reset to ensure that users are forced to change their password the first time they sign in.
- Note: If you have not enabled the account-wide password policy setting Allow users to change their own password, then selecting Require password reset automatically attaches an AWS managed policy named IAMUserChangePassword to the new users that grants them permission to change their own passwords.
Choose Next: Permissions.
On the Set permissions page, specify how you want to assign permissions to this set of new users. Choose one of the following three options:
- Add user to group. Choose this option if you want to assign the users to one or more groups that already have permissions policies. IAM displays a list of the groups in your account, along with their attached policies. You can select one or more existing groups, or choose Create group to create a new group. For more information, see Changing Permissions for an IAM User.
- Copy permissions from existing user. Choose this option to copy all of the group memberships, attached managed policies, embedded inline policies, and any existing permissions boundaries from an existing user to the new users. IAM displays a list of the users in your account. Select the one whose permissions most closely match the needs of your new users.
- Attach existing policies to user directly. Choose this option to see a list of the AWS managed and customer managed policies in your account. Select the policies that you want to attach to the new users or choose Create policy to open a new browser tab and create a new policy from scratch. For more information, see step 4 in the procedure Creating IAM Policies (Console). After you create the policy, close that tab and return to your original tab to add the policy to the new user. As a best practice, we recommend that you instead attach your policies to a group and then make users members of the appropriate groups.
(Optional) Set a permissions boundary. This is an advanced feature.
Open the Set permissions boundary section and choose Use a permissions boundary to control the maximum user permissions.
IAM displays a list of the AWS managed and customer managed policies in your account.
Select the policy to use for the permissions boundary or choose Create policy to open a new browser tab and create a new policy from scratch.
For more information, see step 4 in the procedure Creating IAM Policies (Console). After you create the policy, close that tab and return to your original tab to select the policy to use for the permissions boundary.
Choose Next: Tags.
(Optional) Add metadata to the user by attaching tags as key-value pairs. For more information about using tags in IAM, see Tagging IAM Entities.
Choose Next: Review to see all of the choices you made up to this point. When you are ready to proceed, choose Create user.
To view the users’ access keys (access key IDs and secret access keys), choose Show next to each password and access key that you want to see. To save the access keys, choose Download .csv and then save the file to a safe location.
Important: This is your only opportunity to view or download the secret access keys, and you must provide this information to your users before they can use the AWS API. Save the user’s new access key ID and secret access key in a safe and secure place. You will not have access to the secret keys again after this step.
Provide each user with his or her credentials.
On the final page you can choose Send email next to each user. Your local mail client opens with a draft that you can customize and send. The email template includes the following details to each user:
- User name
- URL to the account sign-in page. Use the following example, substituting the correct account ID number or account alias:
AWS-account-ID or alias.signin.aws.amazon.com/console
For more information, see Features and How IAM Users Sign In to AWS.
The user’s password is not included in the generated email. You must provide it to the customer in a way that complies with your organization’s security guidelines.
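
The optional permissions boundary step above sets the maximum permissions a new user can have. As an added example (not from the original page or from AWS), this sketch evaluates constructed identity and boundary policies to show that an action takes effect only when both policies allow it and neither denies it. It assumes Resource is always `*` and ignores conditions, service control policies and resource-based policies.

```python
from fnmatch import fnmatchcase

# Constructed sample policies (not from the original page), in IAM policy JSON shape.
IDENTITY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["s3:*", "iam:CreateUser"], "Resource": "*"}],
}

BOUNDARY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*", "cloudwatch:*"], "Resource": "*"},
        {"Effect": "Deny", "Action": "s3:GetObjectAcl", "Resource": "*"},
    ],
}


def _actions(statement):
    """Return the statement's Action element as a list (it may be a single string)."""
    action = statement.get("Action", [])
    return [action] if isinstance(action, str) else action


def _matches(policy, effect, action):
    """True if any statement with the given Effect covers the action."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != effect:
            continue
        # IAM action names are case-insensitive; * and ? act as wildcards.
        if any(fnmatchcase(action.lower(), p.lower()) for p in _actions(stmt)):
            return True
    return False


def is_allowed(action, identity=IDENTITY_POLICY, boundary=BOUNDARY_POLICY):
    """Simplified evaluation: an explicit Deny wins, otherwise both policies must Allow."""
    if _matches(identity, "Deny", action) or _matches(boundary, "Deny", action):
        return False
    return _matches(identity, "Allow", action) and _matches(boundary, "Allow", action)


if __name__ == "__main__":
    for a in ("s3:GetObject", "s3:PutObject", "iam:CreateUser",
              "cloudwatch:GetMetricData", "s3:GetObjectAcl"):
        print(f"{a:28} {'ALLOW' if is_allowed(a) else 'DENY'}")
```

Note that the boundary grants nothing by itself: `cloudwatch:GetMetricData` is inside the boundary but is still denied because the identity policy never allows it.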