How to Create IAM User,Role & policy on Amazon Web Service(AWS).

AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. IAM is a feature of your AWS account offered at no additional charge.

Identity and access management (IAM) is a collective term that covers products, processes, and policies used to manage user identities and regulate user access within an organization.

 

  • Login to aws portal.
  • Click on Services.

 

Fig 1

 

  • Under Security, Identity, & Compliance select IAM.

 

Fig 20

 

IAM Users

  • Click on Users.

 

Fig 2

 

  • Click on Add user.

 

Fig. 3

 

  • Provide User name.
  • Select Access type.In Programmatic access,enable Access key ID & Secret access key for aws API,CLI & other tools.In AWS management console access,generate a password that allows users to sign-in AWS management console.
  • Click on Next Permission.

Fig. 4

 

  • We can Add user to group or copy permission from existing user.
  • Click on Attach existing policies directly.

 

Fig. 5

  • We can create or attach existing policy.
  • Select Existing policy & Click on Next Tags.

 

Fig. 6

 

  • Provide Key name & value for IAM user.
  • Click on Next Review.

 

Fig. 7

 

  • Review all configurations.
  • Provide User name.
  • Click on Create User.

 

Fig. 8

 

  • After sometime New IAM User is ready.

 

Fig 9

 

IAM Roles

  • Click on Roles.

 

Fig 10

 

  • Click on Create Role.

 

Fig 11

 

  • Select AWS service type of trusted entity & Click on EC2 a use case.
  • Click on Next Permission.

 

Fig 12

 

  • Create or select existing policy.
  • Click on Next Tags.

 

Fig 12

 

  • Provide Key name & value for IAM Role.
  • Click on Next Review.

 

Fig 13

 

  • Review all configurations.
  • Provide Role name.
  • Click on Create role.

 

Fig 14

 

IAM Policies

  • Click on Policies.

 

Fig 15

 

  • Click on Create policy.

 

Fig 16

 

  • We can create or edit policy in visual editor or using JSON format.
  • Click on Tags.

 

Fig 17

 

  • Click on Add tag.
  • Provide Key name & value for IAM policy.
  • Click on Next Review.

 

Fig 18

 

  • Provide Policy name.
  • Review all configurations.
  • Click on Create policy.

 

Fig 19

 

 

Create IAM user,role & policy using Shell

To create an IAM user

aws iam create-user –user-name example –permissions-boundary <value>

To create an IAM role

aws iam create-role –role-name example-role –assume-role-policy-document /path/of/Policy.json file

To create an IAM policy

aws iam create-policy –policy-name my-policy –policy-document /path/of/policy.json file

The file policy.json is given below:

{
“Version”: “2012-10-17”,
“Statement”: [
{
“Effect”: “Allow”,
“Action”: [
“logs:CreateLogGroup”,
“logs:CreateLogStream”,
“logs:PutLogEvents”,
“logs:DescribeLogStreams”
],
“Resource”: [
“*”
]
}
]
}

Leave a Reply