Create AWS IAM Administrator Account outside of ROOT User

IAM (Identity and Access Management) is a global AWS service that provides access for administrative and development functions in AWS. We will demonstrate the creation of a user other than the root user.

Points to remember about AWS IAM users and groups:

  • The root user should not be used except for setting up AWS and creating users and groups.
  • Users should correlate to unique individuals.
  • Groups are collections of like users.
  • Rights can be granted to both users and groups.
  • Users can belong to multiple groups or no group at all.
  • Groups cannot be assigned to other groups.
  • IAM users and groups are global settings in AWS; they are not part of a region.

1. The following is required before you create an IAM user for your AWS Free Tier account.

  • An active AWS account.
  • An active email to receive alerts.
  • Access to the root user account.

2. Log on to AWS as the root user at URL: https://signin.aws.amazon.com/

3. Validate that you are not a robot. 

4. Enter your password. 

5. Open your email and retrieve the validation code. 

6. Enter your validation code. 

7. Your AWS account console will now be displayed. In the Search bar, type IAM and a link to the IAM console will be displayed. NOTE: You can have a link created on your home page by clicking the star next to any resource in AWS.

8. The IAM console will now be displayed. Select Users in the left-hand menu.

9. Currently we have no users other than root, which is not part of IAM. Select Create User in the upper right-hand side of the screen.

10. You will be presented with a 4-step screen to create your new IAM user. Enter a user name. Select IAM user, select custom password and enter a password, and unselect change password at next logon. NOTE: When creating a user for another account, ensure that you have the password generated for you and that change password at next logon is selected.

11. On the next step we will be granting permissions to the user.   Select create group in lower right hand side. 

12.  We will enter “root_group” and select AdministratorAccess for permissions.  Select Create User Group. 

13. Now you will see a group available to access.   Select the root_group and press Next 

14. A Review page will be displayed. Select Create user.

15. A Retrieve password page will be displayed, which allows you to download the credentials for the new account or email them to a specific user. Click Return to user list.

16. A warning may appear about you saving the password.  Click continue. 

17. In the upper right-hand corner of your screen, click on the user_id and select Sign out. NOTE: Record the Account ID; in this example it is 393795841763.

18. In the upper right hand side of the screen select Sign In to the console. 

19. Enter the account ID, IAM username and password you just created. Select Sign in.

20. You are now logged on as your IAM user.
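
A check to run after step 20, as an added example that is not part of the original tutorial: it lists which IAM users hold AdministratorAccess and whether it comes through a group such as root_group or from a policy attached directly to the user. The input is constructed sample data in the shape of the output of aws iam get-account-authorization-details; the user names and the auditors group are hypothetical.

```python
import json

ADMIN_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"

# Constructed sample shaped like `aws iam get-account-authorization-details`
# output, trimmed to the fields used here. User names are hypothetical.
SAMPLE = json.loads("""
{
  "UserDetailList": [
    {"UserName": "admin_user", "GroupList": ["root_group"], "AttachedManagedPolicies": []},
    {"UserName": "dev_user", "GroupList": [], "AttachedManagedPolicies": [
      {"PolicyName": "AdministratorAccess", "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}]},
    {"UserName": "readonly_user", "GroupList": ["auditors"], "AttachedManagedPolicies": []}
  ],
  "GroupDetailList": [
    {"GroupName": "root_group", "AttachedManagedPolicies": [
      {"PolicyName": "AdministratorAccess", "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}]},
    {"GroupName": "auditors", "AttachedManagedPolicies": [
      {"PolicyName": "ReadOnlyAccess", "PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}]}
  ]
}
""")


def has_admin(entity):
    """True if AdministratorAccess is attached directly to this user or group."""
    return any(p["PolicyArn"] == ADMIN_ARN for p in entity.get("AttachedManagedPolicies", []))


def admin_paths(details):
    """Map each admin user to how the right is granted: 'group:<name>' and/or 'direct'."""
    # Groups cannot contain other groups, so one level of lookup is enough.
    admin_groups = {g["GroupName"] for g in details.get("GroupDetailList", []) if has_admin(g)}
    result = {}
    for user in details.get("UserDetailList", []):
        paths = [f"group:{g}" for g in user.get("GroupList", []) if g in admin_groups]
        if has_admin(user):
            paths.append("direct")
        if paths:
            result[user["UserName"]] = paths
    return result


if __name__ == "__main__":
    for name, paths in sorted(admin_paths(SAMPLE).items()):
        print(f"{name}: {', '.join(paths)}")
```

The check matches only the AWS managed AdministratorAccess policy; inline or customer-managed policies that grant equivalent rights are not detected.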
