{"id":10344,"date":"2023-12-11T21:01:36","date_gmt":"2023-12-11T21:01:36","guid":{"rendered":"https:\/\/putridparrot.com\/blog\/?p=10344"},"modified":"2023-12-11T21:01:36","modified_gmt":"2023-12-11T21:01:36","slug":"the-iam-user-on-aws","status":"publish","type":"post","link":"https:\/\/putridparrot.com\/blog\/the-iam-user-on-aws\/","title":{"rendered":"The IAM User on AWS"},"content":{"rendered":"<p>When you signed up for AWS you created a <em>Root user<\/em> account. However we really should create another user (even if they have root like permissions) to run our cloud account.<\/p>\n<p>Why do we need this user if they&#8217;re basically admin? Well we can reduce permissions but also delete the user without affecting the root user which we cannot do this on.<\/p>\n<p>Let&#8217;s create an IAM (Identify and Access Management) user for our development use which will basically have admin permissions but would not be the user we use four out applications, this is essentially a developer account. <\/p>\n<p>How do we set up our development user?<\/p>\n<ul>\n<li>Log into your AWS account as <em>Root user<\/em><\/li>\n<li>In this search bar type <em>IAM<\/em><\/li>\n<li>First we want to create a new group, so select <em>Access management | User groups<\/em>\n<ul>\n<li>Click <em>Create group<\/em><\/li>\n<li>Enter a name for the group, usually we&#8217;d probably have this name match the application that the group represents, so I&#8217;m going to do this for my unit conversion API app, hence my group is <em>UnitConversionApiUsers<\/em> for my unit conversions API<\/li>\n<li>In the <em>Attach permissions policies<\/em> let&#8217;s give this group <em> AdministratorAccess<\/em> permissions<\/li>\n<li>Now click the <em>Create group<\/em> button<\/li>\n<\/ul>\n<\/li>\n<li>You should be placed back on the <em>User groups<\/em> screen and see out new group with zero users. So now click the <em>Access management | Users<\/em> option on the left of the screen\n<ul>\n<li>Click the <em>Create user<\/em> button<\/li>\n<li>Enter a name for the user then click <em>Next<\/em><\/li>\n<li>Leave the default <em>Add user to group<\/em><\/li>\n<li>Check\/tick the group you added then click the <em>Next<\/em> button<\/li>\n<li>Finally click <em>Create user<\/em><\/li>\n<\/ul>\n<\/li>\n<li>From the users screen on the <em>Security credentials<\/em> tab I have also clicked <em>Enable console access<\/em>, I also check the <em>User must create new password at next sign-in<\/em>, but you can autogenerate or create a custom password to suite<\/li>\n<li>Download the <em>.csv<\/em> file for later use, but don&#8217;t worry if you don&#8217;t it will contain <em>User name<\/em>, <em>Password<\/em> and <em>Console sign-in URL<\/em> so you can copy these if you prefer from the UI<\/li>\n<\/ul>\n<p>Note that the console URL contains the account number, we can change this using the alias option, from the IAM dashboard select the <em>Dashboard<\/em> option. On the right of the screen you&#8217;ll see AWS Account and am option to Create an Account Alias, clicking this we can enter a name to replace the account number in the URL. You&#8217;ll see the Sign-in URL change to suit.<\/p>\n<p>Try signing into AWS by using the console URL or it&#8217;s alias if you changed that and in my case I was prompted to change the password, so did that and was able to log in.<\/p>\n<p>You&#8217;ll also want to go the the user that you created and click <em>Create access key<\/em>. When completed download the .csv and or copy the access id and secret key so you can used from the AWS CLI or IDE integration.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When you signed up for AWS you created a Root user account. However we really should create another user (even if they have root like permissions) to run our cloud account. Why do we need this user if they&#8217;re basically admin? Well we can reduce permissions but also delete the user without affecting the root [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[700],"tags":[],"class_list":["post-10344","post","type-post","status-publish","format-standard","hentry","category-aws"],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/putridparrot.com\/blog\/wp-json\/wp\/v2\/posts\/10344","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/putridparrot.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/putridparrot.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/putridparrot.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/putridparrot.com\/blog\/wp-json\/wp\/v2\/comments?post=10344"}],"version-history":[{"count":5,"href":"https:\/\/putridparrot.com\/blog\/wp-json\/wp\/v2\/posts\/10344\/revisions"}],"predecessor-version":[{"id":10352,"href":"https:\/\/putridparrot.com\/blog\/wp-json\/wp\/v2\/posts\/10344\/revisions\/10352"}],"wp:attachment":[{"href":"https:\/\/putridparrot.com\/blog\/wp-json\/wp\/v2\/media?parent=10344"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/putridparrot.com\/blog\/wp-json\/wp\/v2\/categories?post=10344"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/putridparrot.com\/blog\/wp-json\/wp\/v2\/tags?post=10344"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}