DEV Community

Cover image for Generating and Managing AWS Security Credentials: A Beginner's Guide
Mohd Ahsan
Mohd Ahsan

Posted on • Edited on

Generating and Managing AWS Security Credentials: A Beginner's Guide

AWS Identity and Access Management (IAM) is used to enhance security and manage access effectively in AWS, it's crucial to avoid using the root user account for regular operations due to its broad permissions. Instead, creating IAM Users with specific permissions is recommended. IAM (Identity and Access Management) in AWS involves Users, Roles, Groups, and Policies:

  • Users: Individuals within your organization who need access to AWS resources.
  • Roles: Used to delegate access to resources securely between AWS services.
  • Groups: Collections of users. Policies are attached to groups to define permissions for multiple users at once.
  • Policies: Documents defining permissions. For instance, the "Administrator Access" policy grants full AWS control. AWS IAM

AWS Access Keys are credentials used for programmatic access to AWS services. They consist of two parts:
i. Access Key ID: A unique identifier used to identify the access key when making requests to AWS services.
ii. Secret Access Key: A confidential key used in conjunction with the Access Key ID to sign API requests, ensuring that requests are authentic and have not been tampered with.
Purpose: Access keys are used to authenticate and authorize access to AWS resources via the AWS CLI, SDKs, or API calls.

IAM & Access Keys

AWS Identity and Access Management (IAM)

Step 1 - Create IAM User:

  • Go to the AWS Management Console and sign in with your root user credentials.
  • Type "IAM" in the search bar and select the IAM service from the list. IAM

Step 2 - Access IAM Dashboard:

  • In the IAM dashboard, click on "User groups" in the left-hand menu.
  • Click on the "Create group" button to begin creating a new IAM group.
  • Enter a suitable name for the group, such as "AdminGroup" or any other descriptive name. Group

Step 3 - Attach Policies:

  • In the "Attach permissions policies" step, search for and select policies such as "AdministratorAccess" and "Billing" from the AWS managed policies list. These policies provide permissions for administrative tasks and billing management.
  • Review the policies that are attached to the group.
  • Click on "Create group" to complete the creation of the IAM group. Policies

Step 4 - Add User:

  • Click on the "Add user" button to start creating a new IAM user.
  • Enter a suitable name for the user, such as "Admin" or another descriptive name.
  • Choose the type of access for the user:
    • Programmatic access: Allows interaction with AWS services via APIs, SDKs, and CLI.
    • AWS Management Console access: Enables sign-in to the AWS Management Console with a custom password. Ensure the option "User must create a new password at next sign-in" is selected.
  • Add the user to the IAM group created earlier with defined permissions.
  • Review the user details, permissions, and tags (if applicable).
  • Click on "Create user" to complete the creation of the IAM user.

user
add group

Step 5 - Sign-in with IAM User:

  • If it's your first time logging in, you'll be prompted to set a new password. Ensure to choose a secure password.
  • Access the AWS Management Console either with the provided console login link or by visiting the AWS Management Console homepage directly.
  • Once logged in, you can manage AWS services based on the permissions assigned to your IAM user.

Step 6 - Enable Multi-Factor Authentication (MFA):

  • Go to the AWS Management Console.
  • Navigate to the IAM (Identity and Access Management) service.
  • Select "Users" and then your username.
  • Under the "Security Credentials" tab, click "Activate MFA" and follow the instructions to enable MFA using a virtual MFA device like Google Authenticator.Here is a list of compatible applications MFA 2

Best Practices:
Use IAM: Avoid using the root account for daily tasks. Create IAM users for individuals needing access and group them based on roles, applying appropriate policies.

AWS Access Key

Step-1 Create AWS Access key:

Step-2 Navigate to IAM Console:

  • Select Services from the top menu and search "IAM" in the search bar and select the IAM service from the list. IAM

Step-3 Access the Users:

  • In the IAM dashboard, click on Users in the left-hand menu.
  • Click on the name of the user for whom you want to create access keys. If you don't have any users set up, you may need to create a new user first. user
  • Once you are on the user details page, click on the Security credentials tab. security_cred tab

Step-4 Create New Access Key:

  • Scroll down to the Access keys section.
  • Click on the Create access key button.
    create
    access key

  • A new access key will be generated, consisting of an Access key ID and a Secret access key
    download

Step-5 Securely Store the Credentials:

  • Important: Download the key file or copy the credentials immediately. The secret access key will not be shown again after you close this dialog.
  • Store the access key ID and secret access key in a secure location. Do not share or expose these credentials.



Best Practices:
1. Keep Secrets Secure: Never share or expose your access keys. Use environment variables or AWS Secrets Manager to store them securely.
2. Monitor and Rotate Keys: Regularly review and rotate your access keys to reduce the risk of unauthorized access.

Top comments (0)