USD ($)
$
United States Dollar
India Rupee

IAM in AWS: Create Users and Groups

Created by Deepak Sharma in Cloud Computing 4 Oct 2024
Share
«What is Cloud Computing?

In world of cloud computing, the Amazon AWS is the top provider and it's training and certification will lead you to the best of opportunities in the time to come. In this blog, I will deep down into IAM in AWS and will create users and groups to make you understand how IAM works in AWS. IAM stands for identity and access management. This is an AWS global service because in IAM, we can create users and assign them in groups. 

By default we create a root user; this is the main user and should not be used or shared. We generally used it only for setting up our other user’s accounts. 

It is recommended not to use root user account for any other purpose.

Please note, before moving further it is recommended to have a basic understanding or training on cloud computing, servers or ccna networking courses


IAM in AWS - How it works

In the IAM for AWS, one person represents one user within the organization and these users can be grouped together for any specific department. Let’s say in an organization, there are 6 people so there will be 6 users. 3 of them belong to a Developers department and 2 of them are in Operations department. 

Image description

It is important to note that AWS user group can only contain users but no other groups. Some users also may not belong to any group. It is not a best practice though. It is also possible to have users belong to different group can be a part of a common group. 

Image description

So the question is why do we need users and groups for IAM in AWS? Because we want them to use our AWS account with different permissions based groups. Users and groups can be assigned JSON documents called policies. The JSON is very similar to plain English; you need not to be a programmer to understand the JSON documents. 


Become an Amazon AWS Cloud CertifiedStart your cloud journey via AWS cloud certification courses. Enroll now!Explore course
Image description


{

          “Version”: “2012-10-17”,

          “Statement”: [

               {

                         “Effect”: “Allow”,

                         “Action”: “ec2:Describe*”,

                         “Resource”: “*”

               },

               {

                         “Effect”: “Allow”,

                         “Action”: “elasticloadbalancing:Describe*”,

                         “Resource”: “*”

               }

     ]

}

Basically JSON document says what a user is allowed to do or what users in a group are allowed to do. For example in the above JSON document, users are allowed to use some of the EC2 services in AWS. So these policies help in defining the permissions for users and groups.

In AWS, we apply least privilege principle i.e. do not give more permissions than a user needs.


AWS IAM User

Now let’s do some hands on by creating users and group in the AWS account. Considering you already have a root account created in AWS, which is very easy to create.

Go to aws.amazon.com and click on “Sign in to the Console”

Image description

In the “sign In” page, select root login; if you do not have an AWS account yet, pleases sign up for a new user account. 

Image description

Let’s create a new account by clicking on “New to AWS? Sign up” and enter your email and other details. Click on verify your email address. You will receive a code on your email address.

Image description

Enter the code which you received on your email and click on Verify.

Image description

After this there will be 5 steps for creating your AWS account. Just follow all steps starting with setting your root user password. Enter you appropriate password and click to continue.

Image description

Next step is to choose between business account and personnel account. You can select as per your requirement, in this case we are choosing business account and complete the other details like name and address. Then continue on the next step.

Image description

Here you have to provide your credit card details to proceed.

Image description

Once verified the credit card details, you will be asked to verify your identity which you can do by providing your PAN card or any other government ID. It will be followed by verifying you phone number and in the end you are to choose between the below plan. Choose the basic support – free plan and click on complete sign up.

Image description

Congratulations, there you go you are now ready to go to the AWS Management Console.

Image description

Enter your email ID followed by password and login to your AWS root account.  

Image description

Once you logged in, on the top search bar, search for IAM

Image description

It will bring you to AWS IAM console, where you create IAM users in AWS. Here you can see that that the region selection is not active which means that IAM service is a global service. When a user is created it will be available in all the regions. However other services like EC2, S3 etc. are region specific. In case you want to learn and get trained on above AWS services than check out the next blogs or obtain instructor led live training on AWS course. Here on the left panel under Access Management, click on Users to proceed.

Image description

In IAM > Users, you see as of now there is no user created, you only have root account. You can check by clicking on the top right corner “UniNets” by account name. Here you only see the account ID which is nothing but root ID. 

Image description


Create IAM User in AWS

Let’s go ahead and create IAM user in AWS “Deepak” who should be having access to AWS management console. Now click on Create user button

Image description

On the next screen, you can provide the user name and select checkbox for allowing this user to get AWS management console access. It will give you two options for user type and here we click on IAM user.

- User in Identity center

- AWS IAM user

Image description

Then it will ask for generating passwords and other related details. In our case we choose custom password and untick the option for create a new password at next sign-in. Click on Next to proceed.

Image description

Next, we have to add permissions to this user, that can either be given directly or via group. So let’s create an aws user group here by clicking on Create group as shown.

Image description

You can name a user group and select the policy. In our case, we are giving the group name as Admin and selecting the Administrator Access policy. Then click on Create user group.


Create AWS User Group

Image description

Here you can see that the aws user group is created and as of now there is only one group which we just created. You also notice that there is no user in the group. You need to select the group and Click on Next to add user in this group.

Image description

In the next window, you can review the IAM in AWS user and group permissions. Click on Create user.

Image description

Now AWS IAM user is created and you can see the password, remember you can see the password last time here. Click on return to user list. 

Image description

Here you can verify that there is a user created.

Image description

You can also check the group and permissions.

Image description

If you click on the user name “Deepak”, it will show you all permissions. This user is inherited all permissions from the group “Admin” and this group has administrator access. 

Image description

Let’s now go to the dashboard and gather some information before login into via this AWS IAM user. You need to have account ID or sign-in URL, username and password for login. You can also create the customized URL and make sure the preferred alias is unique.

Image description

Image description

Now copy the sign-in URL and try to login in other browser or incognito browser using same username and password.

Image description

Once logged in, your root account ID and IAM in AWS user name are mentioned on the top right corner.

Image description


Now onwards, it is highly recommended to user only IAM user not root user in the production environment. However you can use whichever you want because this is just for practice scenarios. I will take up IAM policies in the next blog so stay tuned.


Deepak Sharma

He is a senior solution network architect and currently working with one of the largest financial company. He has an impressive academic and training background. He has completed his B.Tech and MBA, which makes him both technically and managerial proficient. He has also completed more than 450 online and offline training courses, both in India and ...

More... | Author`s Bog | Book a Meeting

Related Articles

#Explore latest news and articles

Amazon Web Services (AWS) Certification Path: Amazon Cloud Skills 6 Sep 2024

Amazon Web Services (AWS) Certification Path: Amazon Cloud Skills

Want a successful career in Amazon cloud? Set your roadmap with AWS certification path to become an AWS cloud certified architect
Azure Cloud Career Paths & Certifications 21 Aug 2024

Azure Cloud Career Paths & Certifications

Learn about the Career Paths available for a successful career in the dynamic field of Azure Cloud and Microsoft Azure. Read More about Microsoft Azure.
GCP Certifications: Google Cloud Platform 29 Aug 2024

GCP Certifications: Google Cloud Platform

Learn GCP certifications path and explore Google Cloud Computing Platform certification. Start your Google Cloud journey now!

FAQ

AWS Identity and Access Management (IAM) is a service that helps you securely control access to AWS resources by managing users, groups, roles, and permissions.
IAM users are identities that represent individual users or applications that interact with AWS services. Each user can have specific permissions assigned to control access.
To create an IAM user, go to the IAM console, click on "Users," then "Add user." Set permissions, configure settings, and finish the setup.
An IAM role is an identity with permissions that can be assumed by trusted entities, such as AWS services, applications, or users. Unlike users, roles do not have credentials.
IAM uses policies (JSON documents) to define permissions. These policies can be attached to users, groups, or roles to grant or deny access to AWS resources.
IAM groups are collections of IAM users. They help manage permissions by assigning policies to groups instead of individual users.
Yes, an IAM user can belong to multiple groups, and the user’s permissions are the sum of all permissions from the groups they are part of.

Comments (0)

Share

Share this post with others

Contact learning advisor

Captcha image