18 May 2024
Category: Security
Security in the cloud is extremely important and isn’t something where you should cut corners. Who and what has access to your cloud services is one of the first things you should establish. If you aren’t already familiar with it, AWS Identity and Access Management (IAM) is how you manage and maintain access within your AWS account, and an IAM User is a part of this.
So, what exactly is IAM? Taken directly from the AWS docs: “AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. With IAM, you can centrally manage permissions that control which AWS resources users can access. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.” (AWS Docs) More specifically, in this case, an IAM User is an “entity” that you create in AWS. It refers to a person or workload that uses IAM to interact with AWS. An IAM User consists of a name and a password. When logging into the AWS Management Console as an IAM User, you’ll first use your account ID or alias and then your username and password.
When you first create an AWS account and sign into the management console, you do so as the Root User. It is best practice, and strongly recommended, that as soon as you have successfully logged in as the Root User, you create an IAM User. The IAM User you create should then be used to carry out all administrative tasks, NOT the Root User. The Root User should only be used for tasks IAM Users cannot fulfil. Creating an IAM User is simple and extremely straightforward, so let’s dive right in! Note that the kind of IAM User we will be creating is for an individual/hobbyist AWS account. If your account is an organization account, it is best practice to use IAM Identity Center to create and manage users.
First, navigate to your dashboard and search for IAM, then on the left-hand side select ‘Users’ and then ‘Create User’. You’ll be presented with the following screen (AWS has a habit of changing its UI frequently, so by the time you are reading this your UI may be different, but the steps should be pretty much the same).
Give your user a name that reflects its use case, such as your own name or ‘admin’. You’ll want to check “Provide user access to the AWS Management Console” and then check “I want to create an IAM user”. You should now see the following.
Choose whether you want an autogenerated password or a custom password, but if you go with an autogenerated password make sure you keep “Users must create a new password at next sign-in” checked. Then click NEXT. As you are creating an IAM User for the first time, and one that will be used to carry out all the administrative tasks, we need to give it the necessary permissions. On the “Set Permissions” page you want to add your IAM User to a User Group. To do this, select ‘Create Group’ and you’ll see the following.
First, give your group a name; something like ‘Admin’ is a good example. What you see in the photo above are a number of different policies that you can attach to your user groups. As this is an admin user, you want to select ‘AdministratorAccess’, which, as the description says, gives the user full access to AWS services. Once the group is created, make sure you check it so the user is added to the group. You’ll then see the final review screen. Under ‘Permissions Summary’, if you have added your user to the correct permissions group, you should see it listed here; if you have required the user to change the password on first sign-in, this will also be shown. Then all you need to do is select ‘Create User’ and you’ve successfully created your user!
Finally, once you have logged in as your IAM User, it is extremely important that you set up Multi-Factor Authentication (MFA). Securing your IAM User is imperative because this is the user that will be performing all the tasks within your AWS account from here on out, so you must make sure that it is adequately protected. For more details about IAM take a look at the official docs HERE.