In the previous post, we saw how to activate multi-factor authentication on the root account. In this post we will see how to manage users in AWS IAM.
User management is critical for security: we should give each user access based on their requirements. Giving all access to everyone serves no purpose and is a security threat. Let's create IAM users here. In the security status section, click on "Create individual IAM users" and then click on "Manage Users".
This opens the Users dashboard, where we manage the users under the AWS account. Let's click on the "Create New Users" button. This step lets us create up to 5 users.
We can use alphanumeric characters, +, =, ,, ., @, and - in the user name. Click on the check box "Generate access key for each user". In our case, we will create two users.
One important thing to remember is that the Access Key and Security Access Key are used by various utilities to connect to AWS services. For example, CloudBerry Explorer can use them to connect to an S3 bucket. The Access Key and Security Access Key are not used for the AWS management console. Download the credentials for reference. Please remember that we can't retrieve the security credentials again; however, we can create a new combination at any time.
Now verify the users in the AWS dashboard. Do you notice that the Password section is empty? We need to assign a password to each user so he or she can use a username and password to sign in to the AWS management console using the IAM sign-in link.
So, how do we assign a password to each user? Select the user and click on "User Actions". In the drop-down menu, select "Manage Password".
It will open a dialogue box with two options: 1) Assign an Auto Generated Password or 2) Assign a Custom Password.
As usual, an auto-generated password will be strong but not easy to remember, so we will select the second option.
Wait, if I as an admin select the password for users, then how is it secure? I know the password too, right?
In this case, we can also let users change the password at the time of the next sign-in. Isn't it cool :-).
Click on Apply.
Now verify the tick in the Password column of the Users list in the AWS Management Console. Also check the "Password Last Used" column, which now says "Never Used". Compare it with another user that has not been assigned a password: that one shows N/A.
Now click on the Dashboard and we will be redirected to "AWS IAM Dashboard." Bingo!!! We got a Green Traffic Signal again.
Ladies and gentlemen, now it is time to verify the new users: can a new user sign in to the AWS management console using the customized IAM sign-in link or not?
Open the customized IAM sign-in link and provide the username and password we configured recently.
Bingo! Now we can access the AWS management console with the user accounts created in AWS IAM.
Let's try to access different sections of the AWS management console.
By default, users don't have any permissions.
Go to the EC2 dashboard and click on Launch Instance.
Verify the alert "You are not authorized to perform this operation."
So, to solve the problem, we need to grant the users rights to access the AWS management portal.
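The Password and "Password Last Used" checks done by eye in the Users list can also be run over the IAM credential report, a CSV that the account can download. The following is an added example, not part of the original post: the sample rows and user names are constructed, only a subset of the report's columns is shown, and the `audit` function is a hypothetical helper.

```python
import csv
import io

# Constructed sample: a subset of the columns found in an IAM credential
# report (downloadable with `aws iam get-credential-report`). Users are made up.
SAMPLE_REPORT = """\
user,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_used_date
alice,true,2016-03-01T10:15:00+00:00,true,true,2016-03-02T08:00:00+00:00
bob,true,no_information,false,true,N/A
carol,false,N/A,false,true,2016-02-20T12:30:00+00:00
"""


def audit(report_csv):
    """Return {user: [findings]} for report rows that need follow-up."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        notes = []
        has_password = row["password_enabled"] == "true"
        # A console password with no MFA device is the weakest sign-in setup.
        if has_password and row["mfa_active"] != "true":
            notes.append("console password without MFA")
        # "no_information": no recorded sign-in with this password yet,
        # so an admin-chosen initial password may still be in place.
        if has_password and row["password_last_used"] == "no_information":
            notes.append("password never used")
        # An active key with no recorded use is a candidate for removal.
        if (row["access_key_1_active"] == "true"
                and row["access_key_1_last_used_date"] == "N/A"):
            notes.append("active access key never used")
        if notes:
            findings[row["user"]] = notes
    return findings


if __name__ == "__main__":
    for user, notes in audit(SAMPLE_REPORT).items():
        print(user, "->", "; ".join(notes))
```

A user such as carol, who has no console password (the N/A case) and an access key that is in use, produces no finding.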