Create an AWS IAM User for Demos

Programmatic access to the AWS Cloud API

In order to run the examples presented in IT Wonder Lab, you will need programmatic access to the AWS Cloud API.

The following instructions guide you on the creation of a user for programmatic access with full administration permissions.

Be aware that these instructions should only be used for demos and accounts should be disabled after completion.

These instructions don’t follow the common security practice of Granting Least Privilege.

On other tutorials, we will show how to properly manage security in the cloud.

Sign in AWS Management Console

Sign in AWS Management Console using the email address of your new AWS account created on the Create an AWS Account for Demos post.

Fill in the e-mail address and press Next.

Sign in AWS interface

Fill in the password and press Sign in.

AWS Root user sign in interface

Access AWS IAM Service for user management

On the AWS Management Console home, write IAM into the search box and select “IAM Manage User Access and Encryption Keys”

AWS Services select IAM

Create a user in AWS IAM Management Console

Click Users on the left menu and click the Add user button.

AWS Add user interface

Add a user

AWS shows a user creation wizard.

AWS IAM Add User: Add tags

In current releases of the AWS console the Add User wizard has been updated to include a new step to Add Tags to the created user. That step is not shown in this tutorial screenshots.

First write a user name.

We like to follow a pattern for all the elements in the infrastructure, since users are part of the infrastructure, start them with a prefix that uniquely identifies this Cloud.

In this case, the prefix will be ditwl that stands for Demo IT Wonder Lab in lowercase. Append the name of the user or a functional description, in our case, the full user name will be ditwl-terraform-user.

AWS allows two types of user access:

  • Programmatic access: is used by tools like Terraform that access AWS API for all operations.
  • AWS Management Console access: is used by people that need to access Management Console using a web browser.

Since we are creating a user for Terraform to access the AWS API, select Programmatic access for the AWS access type.

Click Next: Permissions

AWS Add user wizard

Assign a Group

The recommended way to manage user’s permissions is by assigning users to groups and giving permissions to the groups.  Since this is our first user (beyond the root account), press Create group to create our first group.

AWS Add Users, set permissions, add to group

A new form is shown for Create group. Name the group (we will use ditwl-admins as name) and select AdministratorAccess as Policy. The AdministratorAccess provides full access to AWS services.

Press Create group to go back to the previous screen.

AWS create group add policy

Assign the created group to the user

Assign the previously created group to the user and click Next: Review.

AWS assign user to existing group

Review user

The review screen shows all the data for the user. Review the correct spelling of the names and group assignments and press Create user.

AWS Add user review screen

Download User credentials

The user has been created and AWS shows the Access key ID and the Secret access key. This is the only time that AWS will show the Secret access key.

Press Download .csv to download a CSV file named credentials.csv that contains the credentials or press Show to see the Secret access key on the screen.

AWS Add user download credentials

The downloaded file credentials.csv contains the following fields [1]:

User name,Password,Access key ID,Secret access key,Console login link

Keep the credentials safe by storing them under encryption and make sure that you don’t upload the Secret access key to a public repository. The Access Key ID and Secret access key can be used to buy services from AWS that will be charged to your account.

1] The Access key ID, Secret access key and Console login link shown on the example are fake.

Create an AWS IAM User for Demos

Leave a Reply

Your email address will not be published. Required fields are marked *

AWS Users

Create an AWS Account for Demos

In order to run the examples presented in IT Wonder Lab you will need accounts in different cloud providers. Most of the providers offer free