Step-by-Step Guide to Creating an IAM User in AWS

Oladosu Ibrahim AdeniyiOladosu Ibrahim Adeniyi
4 min read

Introduction

Amazon Web Services (AWS) provides a robust Identity and Access Management (IAM) system that allows organizations to control user access to AWS services securely. By creating IAM users, administrators can assign specific permissions to individuals, ensuring they only have access to the resources necessary for their roles. This is crucial for maintaining security, preventing unauthorized access, and implementing best practices in cloud governance.

This guide outlines the entire process of creating an IAM user in AWS, from logging into the console to assigning permissions and securely sharing credentials.

Importance of IAM Users

IAM users play a crucial role in managing access control within AWS. Instead of sharing the root account credentials, which poses a security risk, organizations should create IAM users with specific permissions. The key benefits of IAM users include:

  • Enhanced Security: Each user gets unique credentials, reducing the risk of unauthorized access.

  • Granular Permissions: Assigning only the necessary permissions limits access to critical resources.

  • Auditability: AWS logs user activity, making it easier to track changes and detect suspicious behavior.

  • Multi-Factor Authentication (MFA): Enabling MFA adds an extra layer of security.

Prerequisites

Before creating an IAM user, ensure the following requirements are met:

  1. An active AWS account.

  2. Administrator access to AWS Management Console.

  3. A clear understanding of the user’s role and required permissions.

Step 1: Log in to the AWS Management Console

  1. Open a web browser and navigate to AWS Management Console.

  2. Enter the credentials and sign in as an administrator.

Step 2: Navigate to the IAM Dashboard

  1. In the AWS Management Console, use the Search bar at the top.

  2. Type IAM and select IAM from the search results.

  3. The IAM Dashboard will open, displaying various options to manage identities and permissions.

Step 3: Create a New IAM User

  1. In the IAM Dashboard, click on Users from the left-hand menu.

  2. Click the Add users button.

  3. Enter a User name (e.g., Ibrahim).

  4. If enabling AWS Management Console access, choose a sign-in password:

    • Auto-generated password (AWS creates one for the user).

    • Custom password (Manually defined by the administrator).

  5. (Optional) Enable Require password reset to force the user to change their password on first login.

  6. Click Next: Permissions.

Step 4: Assign Permissions to the IAM User

Permissions can be assigned using one of the following methods:

  1. Attach the user to an existing group: Selecting an IAM group with predefined permissions.

  2. Copy permissions from an existing user: Duplicating permissions from another user.

  3. Attach policies directly: Assigning specific permission policies to the user.

    • To grant administrative access, Use the Search bar to locate Policies and attach the AdministratorAccess policy.

    • For limited permissions, attach relevant policies such as AmazonS3ReadOnlyAccess.

  4. Click Next: Tags.

Adding Tags (Optional)

  1. Key-value pairs (tags) can be added to identify the IAM user (e.g., Department: IT).

  2. Click Next: Review.

Reviewing and Creating the IAM User

  1. Review all configurations for accuracy.

  2. If everything is correct, click Create user.

  3. AWS generates an Access Key ID and Secret Access Key (if programmatic access was enabled).

    • Important: Copy and save these credentials securely. They will not be shown again.

  4. Click Download .csv to save the user details.

  5. Click Close.

Providing Credentials to the IAM User

  1. Securely share the IAM user’s login details with the intended person.

  2. If AWS Management Console access was enabled, provide the AWS sign-in link found on the IAM dashboard.

  3. If programmatic access was enabled, instruct the user to configure the AWS CLI with the provided access keys.

Best Practices for IAM User Management

To maintain a secure AWS environment, follow these best practices:

  • Use IAM Groups: Instead of assigning permissions directly to users, add them to groups with predefined permissions.

  • Enable Multi-Factor Authentication (MFA): This adds an extra layer of security.

  • Grant Least Privilege Access: Only assign necessary permissions to users.

  • Rotate Credentials Regularly: Ensure users update their passwords and access keys periodically.

  • Monitor and Audit IAM Activity: Use AWS CloudTrail to track IAM user actions.

Conclusion

Creating IAM users ensures that each individual has controlled and secure access to AWS resources. By following these steps, you can efficiently manage user access and security within your AWS account.

Implementing IAM correctly helps organizations enforce security best practices, minimize risk, and enhance operational efficiency. If you have any questions or need further details, feel free to explore AWS documentation or reach out to AWS support.

1
Subscribe to my newsletter

Read articles from Oladosu Ibrahim Adeniyi directly inside your inbox. Subscribe to the newsletter, and don't miss out.

CloudCloud Computingcloud nativecloud securitydatadata-engineeringdata engineer

Written by

Oladosu Ibrahim Adeniyi
Oladosu Ibrahim Adeniyi

✨ I’m a versatile tech professional with expertise in Data Analysis, Data Engineering, Cloud Solution Architecture, Cloud/DevOps Engineering, and UI/UX Design. 🌟 My journey is fueled by a passion for: 📊 Transforming raw data into actionable insights 🔗 Designing scalable pipelines ☁️ Streamlining cloud infrastructures to drive business innovation 💡 As a Data Analyst, I excel in uncovering patterns and trends, enabling informed decision-making through visualizations and reporting. 🚀 As a Data Engineer, I architect robust data pipelines that handle complex transformations and ensure data integrity. 🏗️ As a Cloud Solution Architect, I design and implement scalable, secure, and efficient cloud solutions tailored to meet business needs. ⚙️ As a Cloud/DevOps Engineer, I specialize in automating deployments, optimizing workflows, and building resilient cloud-based systems. 🎓 With certifications in Microsoft Azure, AWS, and other cutting-edge technologies, I bring technical precision and a problem-solving mindset to every project. 📚 Beyond my technical work, I’m committed to lifelong learning and sharing knowledge through writing, mentoring, and collaboration. 🌍 Let’s connect to explore how data, cloud, DevOps, and design can drive innovation and efficiency in today’s digital world! 🚀