- Effective DevOps with AWS
- Yogesh Raheja Giuseppe Borgese Nathaniel Felsen
- 2021-07-23 16:27:26
Creating a new user in IAM
In this section, we will create and configure accounts for different individuals who need access to AWS. For now, we will keep things simple and only create an account for ourselves, as follows:
- Navigate to the IAM menu in the AWS console (https://console.aws.amazon.com/iam/) or go to the Services drop-down list on the top left corner of the AWS console page and search for IAM.

- Choose the Users option from the navigation pane.
- Create a new user by clicking on the Add user button, and make sure that you tick the Programmatic access option to generate an access key ID and a secret access key for the user.
- Select the default options for now and create a user. Don't forget to download credentials.
- Back in the Users menu, click on your username to access the details page.
- In the Permissions tab, click on the Add permissions button and select the Attach existing policies directly option. Click on AdministratorAccess to provide full access to AWS services and resources to our newly created user.
- Select the checkbox next to the AdministratorAccess option to provide full access to AWS services and resources to our newly created user. You will be left with a screen that looks like this:
The last thing we need to do is add a password and turn on MFA for this account. This can be done as follows:
- Click on the Security credentials tab.
- Now click on the Console password option and enable the password for the newly created user. Set the password of your choice and click on the Apply button.
- Once you're done with adding a password, click on the Assigned MFA device option.
- Select the A virtual MFA device option and follow the remaining instructions in order to turn on MFA in your newly created account. You will get a message stating that The MFA device was successfully associated with your account, as shown in the following screenshot:
- At this point, you are ready to start using the newly created user account. The important thing to note here is that signing in with an IAM user account is different from signing in with the root account. The main difference is that you sign in using a different URL.
- Navigate to https://console.aws.amazon.com/iam/home#home or click on the Dashboard in the IAM menu.
- You will see your unique sign-in URL under IAM users sign-in link. Feel free to also customize the link. Save this new URL in your bookmarks, and, from now on, use this link to sign into the AWS console.
- Sign out from the root account.
- Sign back in, but this time use your IAM user account at https://<AWS-account-ID or alias>.signin.aws.amazon.com/console.
Do not share your access key and secret key. By going through those steps, we enforced the use of MFA to access the AWS Console with our IAM user. We now need two factors (the password and the MFA token) to access the console. That said, we also created an access key, which is far less secure. Anyone in possession of the secret key and access key (both present in the credentials.csv file) will have full administrative access to the AWS account. Make sure to never share these credentials online. In Chapter 8, Hardening the Security of Your AWS Environment, we will make a few changes to better protect this key and require the use of MFA to gain administrator privileges.
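To check the state these steps leave behind, the following added example (not code from the book) reads an IAM credential report and flags console sign-in without MFA and active access keys, which console MFA does not cover. The sample report is constructed, it keeps only the columns the check reads, and the function name `audit_credential_report` is an assumption of this example.

```python
import csv
import io

# Constructed sample in the column layout of the IAM credential report
# (a real report has more columns; the account ID and users are made up).
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,true,false,false
admin-user,arn:aws:iam::111122223333:user/admin-user,true,true,true,false
ci-bot,arn:aws:iam::111122223333:user/ci-bot,false,false,true,true
new-hire,arn:aws:iam::111122223333:user/new-hire,true,false,false,false
"""

KEY_COLUMNS = ("access_key_1_active", "access_key_2_active")


def _is_true(value):
    """Report cells hold 'true', 'false', 'N/A' or 'not_supported'."""
    return (value or "").strip().lower() == "true"


def audit_credential_report(report_csv):
    """Return {user: [findings]} for every row that needs attention."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        issues = []

        # Root always has a console password (reported as not_supported).
        has_console_login = is_root or _is_true(row["password_enabled"])
        if has_console_login and not _is_true(row["mfa_active"]):
            issues.append("console sign-in without MFA")

        # Access keys keep working regardless of the console MFA setting.
        active = sum(_is_true(row.get(col)) for col in KEY_COLUMNS)
        if active and is_root:
            issues.append("root account has an active access key")
        elif active:
            issues.append(f"{active} active access key(s) not covered by console MFA")

        if issues:
            findings[user] = issues
    return findings


if __name__ == "__main__":
    for user, issues in audit_credential_report(SAMPLE_REPORT).items():
        print(f"{user}: {'; '.join(issues)}")
```

On the sample, the user created in this section (`admin-user` here) is still flagged for its access key even though MFA is on, which is the gap the warning above describes.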
The next step in configuring our account is to configure our computers to interact with AWS using the command-line interface.