In the world of cloud computing, Amazon AWS is the leading provider, and its training and certification will lead you to the best opportunities in the time to come. In this blog, I will dive into IAM in AWS and create users and groups to show you how IAM works. IAM stands for Identity and Access Management. It is a global AWS service; within IAM, we create users and assign them to groups.
By default we have a root user; this is the main user and should not be used day-to-day or shared. We generally use it only for setting up our other user accounts.
It is recommended not to use the root user account for any other purpose.
Please note: before moving further, it is recommended to have a basic understanding of, or training in, cloud computing, servers or CCNA networking.
In AWS IAM, one user represents one person within the organization, and these users can be grouped together by department. Let's say an organization has 6 people, so there will be 6 users: 3 of them belong to the Developers department and 2 of them are in the Operations department.
It is important to note that an AWS user group can only contain users, not other groups. Some users may not belong to any group, although that is not a best practice. A user can also belong to more than one group, so users from different groups can also be members of a common group.
So the question is: why do we need users and groups in IAM? Because we want people to use our AWS account with different permissions based on their groups. Users and groups can be assigned JSON documents called policies. The JSON reads much like plain English; you need not be a programmer to understand these documents.
Basically, a policy document says what a user, or the users in a group, are allowed to do. For example, in the JSON document above, users are allowed to use some of the EC2 services in AWS. So these policies define the permissions for users and groups.
In AWS we apply the principle of least privilege, i.e. do not give a user more permissions than they need.
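To make the least-privilege point concrete, here is an added example (my own code, not part of the original post or of AWS) that parses two constructed policy documents and flags Allow statements that are broader than they need to be. The first policy has the same shape as the AWS-managed AdministratorAccess policy; the second is a scoped EC2 operator policy, and the account ID and tag in it are placeholders.

```python
import json
import fnmatch

# Constructed policy documents for this example (not from the original post).
# This one has the shape of the AWS-managed AdministratorAccess policy.
ADMIN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
})
# A scoped alternative: read-only EC2 Describe calls plus start/stop on
# tagged instances only. Account ID and tag value are placeholders.
EC2_OPERATOR_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:Describe*"], "Resource": "*"},
        {"Effect": "Allow",
         "Action": ["ec2:StartInstances", "ec2:StopInstances"],
         "Resource": "arn:aws:ec2:us-east-1:111122223333:instance/*",
         "Condition": {"StringEquals": {"aws:ResourceTag/Team": "Operations"}}},
    ],
})

READ_ONLY_PATTERNS = ("*:Describe*", "*:Get*", "*:List*")

def _as_list(value):
    """IAM allows Action/Resource to be a single string or a list."""
    return value if isinstance(value, list) else [value]

def find_broad_grants(policy_json):
    """Return one finding per Allow statement that violates least privilege:
    an Action of '*' or 'service:*', or a non-read-only action granted on
    Resource '*' without any Condition narrowing it."""
    findings = []
    for i, stmt in enumerate(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only take permissions away
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        for action in actions:
            if action == "*" or action.endswith(":*"):
                findings.append(f"statement {i}: wildcard action {action!r}")
        mutating = [a for a in actions
                    if not any(fnmatch.fnmatchcase(a, p) for p in READ_ONLY_PATTERNS)]
        if mutating and "*" in resources and "Condition" not in stmt:
            findings.append(f"statement {i}: mutating actions on Resource '*' with no Condition")
    return findings
```

Running `find_broad_grants` on the first policy yields two findings, on the second none, which is the difference between "administrator" and "just enough EC2".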
Now let's do some hands-on work by creating users and a group in the AWS account. This assumes you already have a root account created in AWS, which is very easy to do.
Go to aws.amazon.com and click on "Sign in to the Console".
On the "Sign In" page, select root user login; if you do not have an AWS account yet, please sign up for a new account.
Let's create a new account by clicking on "New to AWS? Sign up" and entering your email and other details. Click on "Verify email address". You will receive a code at your email address.
Enter the code you received by email and click on Verify.
After this there are 5 steps to create your AWS account. Just follow all the steps, starting with setting your root user password. Enter an appropriate password and click Continue.
The next step is to choose between a business account and a personal account. Select as per your requirement; in this case we choose a business account and complete the other details such as name and address. Then continue to the next step.
Here you have to provide your credit card details to proceed.
Once the credit card details are verified, you will be asked to verify your identity, which you can do by providing your PAN card or any other government ID. This is followed by verifying your phone number, and at the end you choose between the plans shown below. Choose the Basic Support - Free plan and click on Complete sign up.
Congratulations, you are now ready to go to the AWS Management Console.
Enter your email ID followed by your password and log in to your AWS root account.
Once you are logged in, search for IAM in the top search bar.
This brings you to the AWS IAM console, where you create IAM users. Here you can see that the region selector is not active, which means that IAM is a global service: when a user is created, it is available in all regions. Other services like EC2, S3 etc. are region-specific. In case you want to learn and get trained on the above AWS services, check out the next blogs or obtain instructor-led live training on the AWS course. Here, on the left panel under Access Management, click on Users to proceed.
In IAM > Users, you see that as of now no user has been created; you only have the root account. You can check by clicking on the account name "UniNets" in the top right corner. Here you only see the account ID, which is nothing but the root ID.
Let's go ahead and create an IAM user in AWS, "Deepak", who should have access to the AWS Management Console. Now click on the Create user button.
On the next screen, provide the user name and select the checkbox to allow this user AWS Management Console access. It gives you two options for the user type, and here we choose IAM user:
- User in Identity center
- AWS IAM user
Then it asks for password generation and other related details. In our case we choose a custom password and untick the option to create a new password at next sign-in. Click on Next to proceed.
Next, we have to add permissions to this user, which can be given either directly or via a group. So let's create an AWS user group here by clicking on Create group as shown.
You can name the user group and select a policy. In our case, we give the group the name Admin and select the AdministratorAccess policy. Then click on Create user group.
Here you can see that the AWS user group has been created, and as of now there is only the one group we just created. You will also notice that there is no user in the group yet. Select the group and click on Next to add the user to this group.
In the next window, you can review the IAM user and group permissions. Click on Create user.
Now the AWS IAM user is created and you can see the password; remember, this is the last time you can see the password here. Click on Return to users list.
Here you can verify that the user has been created.
You can also check the group and permissions.
If you click on the user name "Deepak", it shows you all of this user's permissions. The user inherits all permissions from the group "Admin", and this group has administrator access.
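The inheritance just described, and the way IAM resolves a request against the statements a user collects from its groups, is easier to see in code. The following is an added example of my own, not code from the post or from AWS: an in-memory model of users, groups and policies in which the "Admin" group carries an AdministratorAccess-shaped policy, plus a hypothetical "DenyIamChanges" policy attached directly to one user to show that an explicit Deny wins. The user names other than Deepak, and the ARNs, are constructed.

```python
import fnmatch

# Constructed account model for this example (not from the original post).
POLICIES = {
    # Same shape as the AWS-managed AdministratorAccess policy.
    "AdministratorAccess": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
    # Hypothetical guardrail attached directly to a user: no IAM changes.
    "DenyIamChanges": [{"Effect": "Deny", "Action": "iam:*", "Resource": "*"}],
}
# Groups contain users only, never other groups, so one lookup level suffices.
GROUPS = {"Admin": ["AdministratorAccess"], "Operations": []}
USERS = {
    "Deepak": {"groups": ["Admin"], "policies": []},
    "Contractor": {"groups": ["Admin"], "policies": ["DenyIamChanges"]},
    "NewHire": {"groups": [], "policies": []},  # user in no group at all
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def effective_statements(user):
    """All statements that apply to a user: policies attached to the user
    directly plus the policies of every group the user belongs to."""
    names = list(USERS[user]["policies"])
    for group in USERS[user]["groups"]:
        names.extend(GROUPS[group])
    return [stmt for name in names for stmt in POLICIES[name]]

def is_allowed(user, action, resource):
    """Simplified evaluation of identity-based policies: the default is deny,
    an explicit Deny wins over any Allow, otherwise any matching Allow grants.
    Wildcards '*' and '?' in Action and Resource are matched with fnmatch."""
    allowed = False
    for stmt in effective_statements(user):
        action_hit = any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
        resource_hit = any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
        if not (action_hit and resource_hit):
            continue
        if stmt["Effect"] == "Deny":
            return False  # explicit deny short-circuits everything else
        allowed = True
    return allowed
```

With this model Deepak can terminate any EC2 instance purely through group membership, the Contractor keeps administrator rights except for anything under iam:, and NewHire, who is in no group, can do nothing at all.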
Let's now go to the dashboard and gather some information before logging in as this AWS IAM user. You need the account ID or sign-in URL, the username and the password to log in. You can also create a customized sign-in URL; make sure the preferred alias is unique.
Now copy the sign-in URL and try to log in from another browser or an incognito window using the same username and password.
Once logged in, your root account ID and IAM user name are shown in the top right corner.
From now on, it is highly recommended to use only the IAM user, not the root user, in a production environment. However, you can use whichever you want here because this is just a practice scenario. I will take up IAM policies in the next blog, so stay tuned.
He is a senior solution network architect and is currently working with one of the largest financial companies. He has an impressive academic and training background. He has completed his B.Tech and MBA, which makes him proficient both technically and managerially. He has also completed more than 450 online and offline training courses, both in India and ...