Dear Reader, I hope you are doing great. Today, I am here with a post on how to create an IAM user in AWS step by step. This is a beginner-friendly tutorial, so don’t worry if you have just started your journey with AWS.
Apart from creating the user, we will also see how to assign permissions to the user during the creation process.
Before creating an IAM user, let’s try to understand them a bit.
What is an IAM user and why should you create one?
An AWS IAM user is an entity created in AWS that lets you interact with AWS resources. IAM users usually represent a physical person who needs access to your AWS account. However, sometimes they may represent an application that needs to interact with AWS services.
A perfect example of why you should create an IAM user –
Imagine you are the owner of a start-up and you want to create an application using AWS. You can’t share your credentials with anyone, but you want them to be able to work in your AWS account.
In this case, AWS allows you to create users and assign them permissions based on what they need to do, so that they can log in to the console or access AWS programmatically with their own credentials.
Did that make sense?
I guess so !!!
Now we know a bit about IAM users, so let’s create one step by step !!!
Step 1: Log in to AWS Management Console and Navigate to IAM
To create an IAM user in AWS, the very first step is to log in to the AWS Management Console and open the IAM service.
You can either go to Services -> Security, Identity, & Compliance -> IAM,
or search for IAM in the console search bar as shown below and click on IAM.
Step 2: Click on Users in IAM Dashboard
Once you click on IAM, you will be redirected to the IAM dashboard. You will see a screen similar to the one below.
Click on Users in the left navigation menu, as highlighted in the above screenshot.
Step 3: Click Add user
Step 4: Fill Up the Details
- Provide a User name (must be unique within the account)
- Select an access type for your user based on the requirement
- If you are creating a user for someone else, it makes sense to keep the Require password reset checkbox checked
Note: You can create more than one user at a time by using the Add another user button.
Once you have filled in the details, click on Next: Permission
Step 5: Provide Required Permission to the User
There are three ways to set permissions for the user:
- Add user to group
- Copy permission from existing user
- Attach existing policies directly
You can use any of these options as per your convenience. However, it’s a good practice to create a group for users who need similar permissions, attach policies to the group and then add the user to the group.
I have already created two groups, so I will add this user to the Learner group, which has S3 full access.
On the other hand, if you wish to attach an existing policy directly, click on the Attach existing policies directly tab.
Filter for the appropriate policy by searching, and select what you need. For example, I have searched for S3 and selected AmazonS3FullAccess, as you can see in the screenshot below.
Note: If you think the existing policies don’t fit your needs, you can create a custom policy and assign that instead. You can do that using the Create policy button shown in the screenshot below.
Once you are done selecting permissions as per your need, click Next: Tags to move to the next step.
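As an added example (not part of the original tutorial), here is what a custom policy for the Create policy option can look like, next to a small check that flags statements granting more than a learner needs. The bucket name and the function names are assumptions made for this illustration, and the broad policy is a constructed sample in the style of a full-access policy.

```python
import json

# Constructed sample: a broad policy in the style of a "full access" policy.
BROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
})

def scoped_s3_policy(bucket):
    """Build a custom policy limited to one bucket (bucket name is an assumption)."""
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ListBucket", "Effect": "Allow",
             "Action": ["s3:ListBucket"],
             "Resource": f"arn:aws:s3:::{bucket}"},
            {"Sid": "ReadWriteObjects", "Effect": "Allow",
             "Action": ["s3:GetObject", "s3:PutObject"],
             "Resource": f"arn:aws:s3:::{bucket}/*"},
        ],
    }, indent=2)

def _as_list(value):
    # IAM accepts either a single string or a list for Action and Resource.
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def broad_grants(policy_json):
    """Return (statement index, reason) for every over-broad Allow statement."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may appear without a list
        statements = [statements]
    findings = []
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue
        for action in _as_list(st.get("Action")):
            if action == "*" or action.endswith(":*"):
                findings.append((i, f"wildcard action {action}"))
        for resource in _as_list(st.get("Resource")):
            if resource == "*":
                findings.append((i, "resource *"))
    return findings

if __name__ == "__main__":
    print(broad_grants(BROAD_POLICY))
    print(scoped_s3_policy("example-learner-bucket"))
```

The JSON printed by scoped_s3_policy can be pasted into the JSON tab of the Create policy screen after replacing the bucket name with your own.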
Step 6: Add tags to your user (Optional)
Adding tags to your user is completely optional and you may skip this step altogether. However, tags can provide extra information about the user, for example the department, and can later be used to grant permissions based on the tag.
After you are done, click on Next: Review
Step 7: Review User Details and Click Create user
Review the user details to cross-check that you have entered all the information correctly. If you think something is not correct or not as per your need, you can go back using the Previous button and modify it.
If everything is good, you can click Create user.
The user is successfully created and you see a success message as above. Now comes the important part: download the .csv file, which has your user credentials and the sign-in link that you can share with your IAM user.
Note: As the message says, this is the last time you can download the .csv file, so make sure to download it before closing the dialog. You can create new credentials at any time, but these ones are not available to download after you close this dialog.
If you are an admin creating an IAM user for your team member, your job is done here. Just share the .csv (credentials) with your user and you are done.
However, if you are doing this for learning purposes, you can use the downloaded credentials to log in as the IAM user to better understand the end-to-end flow.
Step 8: Log in as IAM User (the actual IAM user will do this)
Open the credentials file (.csv file) you downloaded and grab details such as the username, password and sign-in link.
Click on the sign-in link present in the .csv file.
You will be redirected to the AWS console login page with the Account ID/Alias field already filled in.
Enter your username and password as shown in the above screenshot and click Sign in.
If you have entered everything correctly, you will be taken to the change password screen (remember, while creating the user we selected the option that requires the user to change his/her password).
Enter your old and new password and click Confirm password change.
Note: You must comply with the password policy set by your administrator. If you get an error saying that you don’t comply with the password policy, check the password policy with your administrator.
If all is fine, your password is changed and you are logged in to your AWS account as the IAM user.
Congratulations !!! You have successfully created an IAM user.
You also learnt how an IAM user will log in using the .csv credentials provided by you.
In this in-depth tutorial, you learnt “How to Create IAM User in AWS Step by Step”. We created a user from scratch, assigned permissions to it and also learnt how to log in as an IAM user to the AWS console.
If you have any questions, please feel free to drop them in the comment section.