This article on DEV Community explains AWS Identity and Access Management (IAM) and its capabilities for managing users, groups, and permissions within AWS. It highlights how IAM allows creating users with unique credentials and assigning permissions through policies. The article includes examples of using Terraform to automate the creation of IAM users, access keys, and policies.
Link:WHAT IS IAM
IAM is a service that allows you to create and manage users and groups, and to assign permissions that control access to AWS resources.
The Root Account is the initial account created when you sign up for AWS. It has full administrative access to all AWS services and resources in the account. The root account is identified by the email address used during account creation.
Important: The root account should only be used for tasks requiring unique permissions. For everyday administrative tasks, create IAM users with the necessary permissions.
How to Secure the Root User
1. Enable Multi-Factor Authentication (MFA)
· Log in to the AWS Management Console using your root account.
· Navigate to the IAM service.
· In the left-hand navigation pane, click on Dashboard.
· Under the Activate MFA on your root account section, click on Manage MFA.
· Follow the instructions to set up MFA for your root account.
2. Create an admin group and assign the appropriate permission
Step-by-Step Guide to Creating an "Admins" Group in AWS IAM
Log in to AWS Management Console:
Open your web browser and go to the AWS Management Console. Log in with your credentials.
Navigate to IAM:
In the AWS Management Console, type "IAM" in the search bar and select IAM to open the Identity and Access Management dashboard.
Create a New Group:
In the left-hand navigation pane, click on User groups.
Click the Create group button.
Set Group Name:
On the Create user group page, enter a name for your group. For example, "Admins".
Click Next to proceed.
Attach Permissions Policies:
On the Attach permissions policies page, you need to add the policies that will define the permissions for the group.
Scroll through the list or use the search bar to find the policy named AdministratorAccess.
Check the box next to AdministratorAccess. This policy provides full access to AWS services and resources.
Review and Create the Group:
Review the group details, ensuring that the correct policy is attached.
Click Create Group.
3. Create a User account for admins
- Navigate to the IAM service.
In the left-hand navigation pane, click on Users and then Create User.
Enter a username (e.g., UserAdmin).
Select Programmatic access and AWS Management Console access.
Set a custom password or allow the user to create one at first sign-in.
Click Next: Permissions.
- In the policy list, search for AdministratorAccess.
- Check the box next to AdministratorAccess and click Create group.
- Ensure the new group is selected and click Next: Tags.
- Add any tags if necessary and click Next: Review.
- Review the details and click Create user.
4. Add users to the admin group
- Navigate to User Groups, and click on the group name to add the user.
- Scroll down and Click on Add Users.
- Select the User to be added to the Admin group and the users will be added successfully to the group operating under the policies in that group.
By following these steps and best practices, you can ensure your AWS account is securely configured and that administrative access is managed appropriately.
Top comments (0)