IAM Users

In this lesson, you’ll learn how to set up IAM users and grant them access to AWS services. An IAM user can interact with AWS through the Management Console, AWS CLI, or SDKs, based on the permissions you attach.

Why IAM User Permissions Matter

By default, a newly created IAM user has no permissions. You must attach policies to grant access.

AWS Services and CLI Examples

Service	Description	CLI Example
Amazon EC2	Virtual machines in the cloud	`aws ec2 describe-instances`
Amazon RDS	Managed relational databases	`aws rds describe-db-instances`
Amazon EKS	Kubernetes clusters	`aws eks list-clusters`
AWS Lambda	Serverless compute for code	`aws lambda list-functions`
Amazon DynamoDB	Fast NoSQL database	`aws dynamodb list-tables`
Amazon S3	Object storage for files	`aws s3 ls s3://your-bucket`
Elastic Load Balancing (ELB)	Distribute incoming traffic	`aws elb describe-load-balancers`
Amazon Route 53	Scalable DNS service	`aws route53 list-hosted-zones`
Amazon VPC	Isolated virtual networks	`aws ec2 describe-vpcs`
Amazon SNS	Pub/Sub messaging and notifications	`aws sns list-topics`

Methods to Attach IAM Policies

You can grant AWS permissions by attaching policies to:

IAM Users: Directly attach policies to the user.
IAM Groups: Assign users to groups; they inherit group policies.
IAM Roles: Allow users or services to assume roles with temporary credentials.

Creating an IAM User

1. Using the AWS Management Console

Sign in to the AWS Management Console.
Navigate to IAM > Users > Add users.
Enter a User name and select the access type:
- Programmatic access (for AWS CLI/SDK).
- AWS Management Console access (for web console).
Click Next: Permissions and choose how to assign permissions:
- Add user to group
- Attach existing policies directly
- Copy permissions from existing user
Review and create the user. Download or copy the Access Key ID and Secret Access Key.

2. Using the AWS CLI

Create an IAM user:

aws iam create-user --user-name alice

Generate access keys for programmatic access:

aws iam create-access-key --user-name alice

Attach a policy (e.g., AmazonS3ReadOnlyAccess):

aws iam attach-user-policy \
  --user-name alice \
  --policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess

Store your Access Key ID and Secret Access Key securely. Treat them like password credentials.

Introduction

Introduction to AWS Identity and Access Management

IAM Policies Federation STS and MFA

Configure AWSIAM at Scale

Why IAM User Permissions Matter

AWS Services and CLI Examples

Methods to Attach IAM Policies

Creating an IAM User

1. Using the AWS Management Console

2. Using the AWS CLI

Next Steps

Links and References

Watch Video

Introduction

Introduction to AWS Identity and Access Management

IAM Policies Federation STS and MFA

Configure AWSIAM at Scale

​Why IAM User Permissions Matter

​AWS Services and CLI Examples

​Methods to Attach IAM Policies

​Creating an IAM User

​1. Using the AWS Management Console

​2. Using the AWS CLI

​Next Steps

​Links and References

Watch Video

Why IAM User Permissions Matter

AWS Services and CLI Examples

Methods to Attach IAM Policies

Creating an IAM User

1. Using the AWS Management Console

2. Using the AWS CLI

Next Steps

Links and References