Creating an Administrative Access User Using AWS IAM Identity Center

Naimul Islam

Introduction

  • AWS IAM Identity Center is the AWS solution for connecting workforce users to AWS-managed applications and other AWS resources.

  • It allows connecting existing identity providers or managing users directly in IAM Identity Center for user access to applications and AWS accounts.

  • Secure administrative access management matters because it controls and protects AWS resources by defining who can access them and what actions they can perform.

Prerequisites

  • An AWS account.

  • Administrative permissions to the AWS Management Console.

  • If using AWS Organizations, the management account is required for organization instances of IAM Identity Center.

  • Ensure IAM Identity Center is enabled in your AWS account.

Step-by-Step Guide to Creating an Administrative Access Account

  1. Accessing the AWS IAM Identity Center Console:

    • Log in to the AWS Management Console as the root user or with IAM credentials that have administrative permissions.

    • Open the IAM Identity Center console.

  2. Creating a User in IAM Identity Center:

    • If you're using the default Identity Center directory:

      • Navigate to Users and choose "Add user".

      • Specify a username, which can't be changed later.

      • Set a password (either send an email to the user or generate a one-time password).

      • Provide a valid email address.

      • Enter the user's first and last name.

      • (Optional) Add other user details.

      • An invitation link is sent to the given email address.

    • Bookmark the AWS access portal URL to easily access the account in future.

    • On first sign-in you will set a new password and register an MFA authentication method, which are then used for future logins with the user you created.

  3. Assigning Administrative Permissions:

    • To grant administrative permissions, you'll create a permission set.

    • In the IAM Identity Center console, navigate to AWS accounts.

    • Select the management account.

    • Choose "Assign users or groups".

    • Select the created user from the Users tab.

    • Choose or create a permission set with administrative privileges (e.g., AdministratorAccess).

    • Submit the assignment.
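The same user, permission set and assignment written declaratively in Terraform with the AWS provider, as an added example that is not code from the original post or from AWS; the user attributes, the permission-set name and the management account ID are placeholders:

```hcl
# Added example, not from the original post: Terraform (AWS provider) for
# steps 2 and 3 above. Identity values below are placeholders.
data "aws_ssoadmin_instances" "this" {}

locals {
  instance_arn          = tolist(data.aws_ssoadmin_instances.this.arns)[0]
  identity_store_id     = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0]
  management_account_id = "111122223333" # placeholder, not a real account
}

# Step 2: the user in the default Identity Center directory.
resource "aws_identitystore_user" "admin" {
  identity_store_id = local.identity_store_id
  user_name         = "admin.user" # cannot be changed later
  display_name      = "Admin User"
  name {
    given_name  = "Admin"
    family_name = "User"
  }
  emails {
    value   = "admin.user@example.com"
    primary = true
  }
}

# Step 3: permission set backed by the AWS-managed AdministratorAccess policy.
# A short session duration limits how long a leaked admin session stays usable.
resource "aws_ssoadmin_permission_set" "admin" {
  name             = "AdministratorAccess"
  instance_arn     = local.instance_arn
  session_duration = "PT1H"
}

resource "aws_ssoadmin_managed_policy_attachment" "admin" {
  instance_arn       = local.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.admin.arn
  managed_policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
}

# Assign the user to the management account through that permission set.
resource "aws_ssoadmin_account_assignment" "admin" {
  instance_arn       = local.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.admin.arn
  principal_id       = aws_identitystore_user.admin.user_id
  principal_type     = "USER"
  target_id          = local.management_account_id
  target_type        = "AWS_ACCOUNT"
}
```

The assignment grants the permission set to this one user in this one account only; the user still completes the password and MFA enrolment through the access portal invitation email, exactly as in the console flow.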


You're all done! From now on, to sign in as your administrative federated user, you just need to do the following:

  1. Go to the AWS access portal URL you received previously in your email.

  2. Enter your username and password.

  3. Enter your MFA code.
