Create an AWS IAM User for Demos

How to create an AWS IAM user for Terraform and Ansible demos.

Programmatic access to the AWS Cloud API

In order to run the examples presented in IT Wonder Lab, you will need programmatic access to the AWS Cloud API.

The following instructions guide you through the creation of a user for programmatic access with full administration permissions.

Be aware that these instructions should only be used for demos and accounts should be disabled after completion.

These instructions don’t follow the common security practice of Granting Least Privilege.

In other tutorials, we will show how to properly manage security in the cloud.

Sign in to the AWS Management Console

Sign in to the AWS Management Console using the email address of the new AWS account created in the Create an AWS Account for Demos post.

Fill in the e-mail address and press Next.

Sign in AWS interface

Fill in the password and press Sign in.

AWS Root user sign in interface

Access AWS IAM Service for user management

On the AWS Management Console home, type IAM in the search box and select “IAM Manage User Access and Encryption Keys”.

AWS Services select IAM

Create a user in AWS IAM Management Console

Click Users on the left menu and click the Add user button.

AWS Add user interface

Add a user

AWS shows a user creation wizard.

AWS IAM Add User: Add tags
In current releases of the AWS console, the Add User wizard has been updated to include a new step to Add Tags to the created user. That step is not shown in this tutorial's screenshots.

First, enter a user name.

We like to follow a naming pattern for all the elements in the infrastructure. Since users are part of the infrastructure, start their names with a prefix that uniquely identifies this Cloud.

In this case, the prefix will be ditwl, which stands for Demo IT Wonder Lab in lowercase. Append the name of the user or a functional description. In our case, the full user name will be ditwl-terraform-user.

AWS allows two types of user access:

  • Programmatic access: used by tools like Terraform that access the AWS API for all operations.
  • AWS Management Console access: used by people who need to access the Management Console using a web browser.

Since we are creating a user for Terraform to access the AWS API, select Programmatic access for the AWS access type.

Click Next: Permissions

AWS Add user wizard

Assign a Group

The recommended way to manage users’ permissions is by assigning users to groups and giving permissions to the groups. Since this is our first user (beyond the root account), press Create group to create our first group.

AWS Add Users, set permissions, add to group

A new form is shown for Create group. Name the group (we will use ditwl-admins as the name) and select AdministratorAccess as the Policy. The AdministratorAccess policy provides full access to AWS services.

Press Create group to go back to the previous screen.

AWS create group add policy

Assign the created group to the user

Assign the previously created group to the user and click Next: Review.

AWS assign user to existing group

Review user

The review screen shows all the data for the user. Check the spelling of the names and the group assignments and press Create user.

AWS Add user review screen

Download User credentials

The user has been created and AWS shows the Access key ID and the Secret access key. This is the only time that AWS will show the Secret access key.

Press Download .csv to download a CSV file named credentials.csv that contains the credentials or press Show to see the Secret access key on the screen.

AWS Add user download credentials

The downloaded file credentials.csv contains the following fields [1]:

User name,Password,Access key ID,Secret access key,Console login link
ditwl-terraform-user,,A1B2C3D4E5F6G7H8I9J0,QwertYuiopASDFGHJKL123456789sadfghjkvcbn,https://134567891011.signin.aws.amazon.com/console

Keep the credentials safe by storing them under encryption and make sure that you don’t upload the Secret access key to a public repository. The Access Key ID and Secret access key can be used to buy services from AWS that will be charged to your account.

[1] The Access key ID, Secret access key and Console login link shown in the example are fake.
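
One way to act on the advice about not uploading the Secret access key, as an added example that is not part of the original tutorial: it reads the key values from credentials.csv and searches a project's working tree for them before the project is pushed. The sample project, the file and variable names in it, and the function names are constructed for illustration.

```python
import csv, io, os, tempfile
from pathlib import Path

# Constructed sample: the fake credentials.csv row shown in the tutorial.
SAMPLE_CSV = (
    "User name,Password,Access key ID,Secret access key,Console login link\n"
    "ditwl-terraform-user,,A1B2C3D4E5F6G7H8I9J0,"
    "QwertYuiopASDFGHJKL123456789sadfghjkvcbn,"
    "https://134567891011.signin.aws.amazon.com/console\n"
)

def load_secrets(csv_text):
    """Map 'user: field' labels to the key values in credentials.csv text."""
    secrets = {}
    for row in csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff"))):
        user = row.get("User name") or "unknown"
        for field in ("Access key ID", "Secret access key"):
            if row.get(field):
                secrets[f"{user}: {field}"] = row[field]
    return secrets

def scan_tree(root, secrets, skip_dirs=(".git",)):
    """Return sorted (relative path, line number, label) for each leaked value."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in skip_dirs]  # working tree only
        for name in filenames:
            path = Path(dirpath, name)
            text = path.read_text(encoding="utf-8", errors="ignore")
            for no, line in enumerate(text.splitlines(), 1):
                for label, value in secrets.items():
                    if value in line:
                        hits.append((str(path.relative_to(root)), no, label))
    return sorted(hits)

def demo():
    """Scan a constructed project tree in which terraform.tfvars leaks both keys."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "main.tf").write_text('provider "aws" {\n  region = "us-east-1"\n}\n')
        (root / "terraform.tfvars").write_text(
            'aws_access_key = "A1B2C3D4E5F6G7H8I9J0"\n'
            'aws_secret_key = "QwertYuiopASDFGHJKL123456789sadfghjkvcbn"\n')
        return scan_tree(root, load_secrets(SAMPLE_CSV))

if __name__ == "__main__":
    for path, line_no, label in demo():
        print(f"{path}:{line_no}: contains {label}")
```

The scan covers only files in the working tree; a key that was committed earlier and later deleted remains in the repository history and should be treated as exposed.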


Javier Ruiz

IT Wonder Lab tutorials are based on the rich and diverse experience of Javier Ruiz, who founded and bootstrapped a SaaS company in the energy sector. His company, which was later acquired by a NASDAQ traded company, managed over €2 billion per year of electricity for prominent energy producers across Europe and America. Javier has more than 20 years of experience in building and managing IT companies, developing cloud infrastructure, leading cross-functional teams, and transitioning his own company from on-premises, consulting, and custom software development to a successful SaaS model that scaled globally.
