IAM Users
- An IAM User is an entity created in AWS that provides a way to interact with AWS resources.
- The main purpose of IAM Users is to sign in to the AWS Management Console and make requests to AWS services.
- Newly created IAM Users have no password and no access key. If a user needs to use AWS resources through the AWS Management Console, you need to create a password for the user. If a user needs to interact with AWS programmatically (using the CLI (Command Line Interface)), you need to create an access key for that user. The credentials created for an IAM User are what uniquely identify that user to AWS.
- The security of the user’s credentials can be enhanced by enabling Multi-Factor Authentication.
- The newly created IAM Users do not have permissions, i.e., they are not authorized to access the AWS resources.
- An advantage of using individual IAM Users is that you can assign permissions individually. You can even assign administrative permissions to a user, who can then administer your AWS resources and also administer other IAM Users.
- A user’s permissions are mainly scoped to the AWS tasks and resources needed for the job assigned to that IAM User. For example, you create an IAM User named Advita, create a password for her, and set permissions that let her start Amazon EC2 instances and read data from an Amazon RDS database.
- Each IAM User is associated with one and only one AWS account.
- Users are defined within your account, so users do not have to make payments. Any AWS activity performed by a user is billed to your account.
IAM Users Aren’t Necessarily People
An IAM User doesn’t necessarily represent a person. An IAM User is just an identity with associated permissions. You can also create an IAM User to represent an application that needs credentials in order to access AWS services.
Creating an IAM User (AWS Management Console)
To create a User using the AWS Management Console:
- Sign in to the AWS Management Console.
- Open the IAM Console at https://console.aws.amazon.com/iam/home?region=us-east-2#/home.
- In the navigation pane, click Users.
- Click Add User to add new users to your account.
- Enter the User name for the user you want to create. You can create five users at a time.
- Select the AWS access type: programmatic access, AWS Management Console access, or both.
- You can also give permission to the user to manage his or her security credentials.
Creating an IAM User (CLI or API)
- Create a user
- You can assign security credentials such as a password to the user, which is required if you want the user to use the AWS Management Console.
- Create an access key for the user, which is required if the user needs to access AWS resources programmatically.
- Attach a policy to the user that defines the permissions.
- A User can be added to one or more groups.
How IAM Users Sign In To Your AWS Account
- Open the link https://us-east-1.signin.aws.amazon.com/ to sign in to your AWS account.
- An IAM User enters the user name and password assigned by you to log in to the IAM Console.
Listing IAM Users (AWS Management Console)
- Sign in to the AWS Management Console by entering your email address and password.
- Open the IAM Console.
- In the navigation pane, click Users. The list of users in the account appears.
In this example, only one IAM user exists, named MyUser.
Listing all the Users in a Group (AWS Management Console)
- Sign in to the AWS Management Console by entering your email address and password.
- Open the IAM Console.
- In the navigation pane, click Group. The list of groups in the account appears.
In this example, no group exists.
Listing all the Users (CLI and API)
- List all the users in an account.
- List the users in a specific group.
- List all the groups in which a specific user exists.
Delete an IAM User (AWS Management Console)
- Sign in to the AWS Management Console.
- Open the IAM Console.
- In the navigation pane, click Users.
- Select the checkbox that appears next to the user name.
- From the User Actions list at the top of the page, select Delete User.
- Click Yes, Delete.
Delete an IAM User (AWS CLI)
- Delete the user’s keys and certificates, which ensures that the user cannot access your AWS accounts.
- Delete the user’s password, if the user has one.
- Deactivate the user’s MFA device, if the user has one.
- We can also detach the policies that are attached to the user.
- Get the list of the groups that the user was in, and then remove the user from those groups.
- Delete the user
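The CLI deletion steps above as one shell function, an added example that is not part of the original page; it assumes the AWS CLI is installed and configured with IAM permissions, and the names `ids` and `delete_iam_user` are illustrative. The inline-policy step goes beyond the page's list (IAM rejects `delete-user` while inline policies remain), and other credential types such as SSH public keys are not handled.

```shell
# Added example (not from the original page). Assumes a configured AWS CLI.
# Removes one IAM user's credentials and attachments, then the user itself.

# Print the IDs a list-* call returns; the JMESPath query selects the ID field.
ids() { aws iam "$1" --user-name "$2" --query "$3" --output text; }

delete_iam_user() {
  local user="$1" id
  [ -n "$user" ] || { echo "usage: delete_iam_user USER_NAME" >&2; return 2; }

  # 1. Keys and certificates first: this ends programmatic access at once.
  for id in $(ids list-access-keys "$user" 'AccessKeyMetadata[].AccessKeyId'); do
    aws iam delete-access-key --user-name "$user" --access-key-id "$id" || return 1
  done
  for id in $(ids list-signing-certificates "$user" 'Certificates[].CertificateId'); do
    aws iam delete-signing-certificate --user-name "$user" --certificate-id "$id" || return 1
  done

  # 2. Console password, only if one exists (get-login-profile fails otherwise).
  if aws iam get-login-profile --user-name "$user" >/dev/null 2>&1; then
    aws iam delete-login-profile --user-name "$user" || return 1
  fi

  # 3. MFA devices.
  for id in $(ids list-mfa-devices "$user" 'MFADevices[].SerialNumber'); do
    aws iam deactivate-mfa-device --user-name "$user" --serial-number "$id" || return 1
  done

  # 4. Managed policies attached to the user, then inline policies
  #    (the inline step is an addition to the page's list).
  for id in $(ids list-attached-user-policies "$user" 'AttachedPolicies[].PolicyArn'); do
    aws iam detach-user-policy --user-name "$user" --policy-arn "$id" || return 1
  done
  for id in $(ids list-user-policies "$user" 'PolicyNames[]'); do
    aws iam delete-user-policy --user-name "$user" --policy-name "$id" || return 1
  done

  # 5. Group memberships.
  for id in $(ids list-groups-for-user "$user" 'Groups[].GroupName'); do
    aws iam remove-user-from-group --user-name "$user" --group-name "$id" || return 1
  done

  # 6. The user itself, last: IAM refuses this while attachments remain.
  aws iam delete-user --user-name "$user"
}
```

Call it as `delete_iam_user Advita` after sourcing the file; a non-zero return means a step failed and the user was not deleted.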