This guide is part of the Amazon Web Services Essentials tutorial and walks you through the process of creating a new IAM user.
Version Notes: Created on October 8, 2023.
Getting Started
It is bad form to use the root user account for general access. Each user should have their own account with limited permissions.
To begin, search for IAM in the search field at the top of the page and click on the IAM Service. Note that if you click the star beside IAM, it will add it to the top of your console as a favorite. This will be helpful as you use certain services repeatedly.
Users
From the IAM Dashboard, note the list of Access management options on the left.
Click Users.
Create User
You are presented with a list of all users for your account. This is a new account so there are no users.
Click Create user
User Details
User name: Enter a name for this user. This can be anything you wish, but you cannot use spaces. Make sure it is descriptive.
Provide user access to the AWS Management Console: Check this box if you want this user to have access to the Management Console. Without this access, the user can only access functions via the API.
Select the option to create an IAM user. I will cover IAM Identity Center later.
Choose whether you want the system to generate a password for this user or provide one yourself.
I recommend checking the box to require the user to create a new password after they log in for the first time.
Click Next
Set Permissions
You have three options for how you grant permissions to this user account.
Add user to group is the best option as you can then manage the permissions for multiple users by editing the group.
Copy permissions will copy the permissions from another user and apply them to this new user.
Attach policies directly will allow you to select which policies you want associated with this user. Be mindful that if you have a lot of users, managing each individually like this can be cumbersome.
If you choose to add the user to a group, select the group you want the user assigned to. We will choose the group we created earlier.
Click Next
Review
Confirm that all the options are as you expected.
You have the option to add tags, which help you organize users for easier management later on.
Click Create user
Retrieve Password
You should see a message indicating that creating the user was successful.
There is an option to email the sign-in information to the user. The password will not be included in this email.
Note that the 12-digit account ID is included in the Console sign-in URL. Make note of this ID as you will need it later.
To get the password to the user, click the Show link and copy the password. It is important to keep this password secure, which is a good reason to insist that the user reset the password after logging in for the first time.
Click Return to users list
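The console steps above (create the user, add it to a group, set a temporary console password with a forced reset) can also be scripted with the AWS CLI. The script below is an added example, not part of the original tutorial; the user and group names you pass in are your own, the "-Aa1" password suffix is an assumption about the account's password policy, and DRY_RUN=1 (the default) only prints the commands.

```shell
#!/bin/sh
# Added example: AWS CLI equivalent of the console steps in this guide.
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands only, 0 = call AWS

# IAM user names: 1-64 characters from letters, digits and + = , . @ _ - (no spaces).
valid_user_name() {
  [ "${#1}" -ge 1 ] && [ "${#1}" -le 64 ] || return 1
  case "$1" in *[!A-Za-z0-9+=,.@_-]*) return 1 ;; esac
}

# Console sign-in URL for IAM users; it embeds the 12-digit account ID.
signin_url() {
  [ "${#1}" -eq 12 ] || return 1
  case "$1" in *[!0-9]*) return 1 ;; esac
  printf 'https://%s.signin.aws.amazon.com/console\n' "$1"
}

# Print the command in dry-run mode, execute it otherwise.
run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

create_console_user() {
  user="$1"; group="$2"
  valid_user_name "$user" || { echo "invalid user name: $user" >&2; return 1; }
  if [ "$DRY_RUN" = 1 ]; then
    temp_pw='<temporary-password>'   # placeholder, never a real secret
  else
    # Random temporary password; the "-Aa1" suffix is an assumption made to
    # satisfy a policy that requires upper case, lower case, digit and symbol.
    temp_pw="$(LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 20)-Aa1"
  fi
  # Same order as the console wizard: user, group membership, console password.
  # Note: --password is visible in the local process list while the command runs.
  run aws iam create-user --user-name "$user" &&
  run aws iam add-user-to-group --user-name "$user" --group-name "$group" &&
  run aws iam create-login-profile --user-name "$user" \
      --password "$temp_pw" --password-reset-required || return 1
  [ "$DRY_RUN" = 1 ] || printf 'Temporary password (shown once): %s\n' "$temp_pw" >&2
}

# Usage: DRY_RUN=0 sh create_user.sh <user-name> <existing-group-name>
if [ "$#" -eq 2 ]; then create_console_user "$1" "$2"; fi
```

Run it with DRY_RUN=0 using the credentials of an IAM administrator rather than the root user, and pass the name of a group that already exists.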
Sign Out
To test the new user, we must first sign out of the root user account.
Click on the user drop-down menu in the top right.
Click Sign out
Sign in
At the sign in screen, select the IAM user option
Enter the 12-digit account ID. This was provided during the Retrieve Password step earlier.
Click Next
Provide IAM User Details
The 12-digit account ID should pre-populate with the information you provided on the prior screen.
Enter the IAM user name and the password.
Do not check the Remember this account box unless you are logging in from a secure personal device.
Click Sign in
Reset Password
If the user account requires the password to be reset upon login, then you will be presented with the change password screen.
Enter the current password
Enter a new password and confirm that password.
Click Confirm password change
All Done
You should see in the top right of the screen that you are now logged in with the new user account.
You may return to the Amazon Web Services Essentials tutorial for the additional steps.