Lesson Six
Video 6 How To Create An Admin User Account In IAM
Due to a change Amazon made in April 2014, you should create a separate user account for anyone using any of the tools in AWS including S3, even if you are the only person using your account.
This video explains why you need this user account and how to create it.
Running time is 5:49
Transcript
In this video, we’re going to create an IAM account, which stands for identity and access management. This allows you to have more control over the security of your AWS account access, especially if you have more than just yourself requiring access to your AWS account.
Basically this tool lets you create individual account access credentials for as many people as you need. Each account access you create can be just for one person or for a group, like for example all administrators can have access to certain AWS tools while let’s say only Bill can get access to just the S3 account, so he has his own account access and all the other administrators have their own account access. Even if you’re the only one that has access to your AWS account, this is still a good security practice to get in place, plus as of April 21, 2014 Amazon makes it kind of difficult for you to retrieve the secret access key for your AWS root account, which is required when you want to connect your AWS S3 account to certain third party applications. You still can create new access keys but it’s still a good idea to go ahead and have this security measure in place.
First off, to create your IAM account, we need to get to our AWS console. So go ahead and log in and I think I’ve been logged in before so we want to come on up here to our management console and then come over here in the middle, in the green section, under deployment and management, click on IAM and ideally you want to have green check marks throughout all of these orangey yield signs but we’re not going to worry about that right now. All we want to do is create individual IAM users and use groups to assign permissions. By the time we’re done, we should, if I’m not mistaken, have green marks here.
Let’s come on up here to groups first and then we’re going to create users within that group. Click on the 0 groups link here in the middle, then click on ‘create new group’ give it whatever name you want and in this example I’m just going to be the only person having access to my AWS account, so I want to create one group and one user but you can use these same steps to create multiple groups on your account and within those multiple groups create individual users with specific access rules. Give it a name, click on next step down here on the lower right and you can use any of these policy templates or if you have a better idea as to what you’re doing, you’re going to use a custom policy or the policy generator.
You have those options here, but to keep things moving right along I’m going to go ahead and get this one right here since it’s just me, administrator access, and this gives you a little bit of a definition under each one of these titles as to what type of access goes along with this. Click on the select button here over to the right and here’s a policy name, here’s a policy document, you don’t have to worry about any of that stuff, but if you do know what you’re doing, you can go in and make some adjustments here but I’m just going to click on next step and if you want to make any last minute adage here on the name or the permission you can do so and then just click on create group in the lower right corner. Group is created.
Now then come over to users on the far left side, then come on up here to the top and click on create new users. Let’s give it a name and you can also untick or leave this box alone that says “generate an access key for each user.”
It’s totally up to you depending upon the situation as to why you’re creating this particular user. I’m going to go and leave that ticked because I want to have an access key for that user, being me, and click on ‘create’.
Normally in a real world situation, I would not be clicking on this ‘show user security credentials’, I would just go ahead and download the credentials right here on the lower right corner and that would give me the secret access key as well as the access key that I would need for any third party tools that I would want to connect my AWS account to, but this is a training video and I’m going to be deleting this user here in a second anyway, so I’m going to go ahead and click on ‘show user credentials’ and I’m just going to copy all these to my clipboard and then click on close. You’ll get this warning up here saying “hey are you sure you don’t want to download this” I’m going to say “yeah no problem” then click on close.
Now then we’ve got a user and we’ve got a group, but let’s go ahead and assign this user because right now old Joe here doesn’t have any permissions. He doesn’t have access to anything. Let’s change that. Select Joe. Come on up here to user actions and hit that dropdown arrow, add user to group and you see you’ve got other options here as well and if this were another employee of mine, I would also go ahead and make sure that there are certain password parameters like making sure that the password was a certain length and maybe certain types of characters were required for a stronger password or I might also want to manage the MFA device and here is also where I can come on and remove user from group. I can also just delete the user altogether too if I wanted. Let’s go ahead and add user to group. Select the group because there may be several groups to choose from but this is a group I want to add Joe to, then click on ‘add to groups’ and now Joe belongs to group one.
Let’s head on back to our dashboard. You see we’ve got the two green marks right here. That’s what we kind of sort of set out to do but again if we were doing this with multiple employees, I would want to shoot for green marks across the board and there’s a lot more to this than what we just covered in this video, like assigning various roles to the different users, providing them with their own AWS access to where they would have their own sign in link and password that we would send to them, that way they can log in to this particular AWS account only having access to whatever we assign to them so that they could do whatever job it is that they’re supposed to be doing, whether it’s just working on S3 or maybe they’re working on our website and they have to have certain access to EC2, I mean there’s so much more that you can do with the IAM access than what we’ve done here.
That’s going to bring us to the end of this video on an introduction to setting up identity and access management accounts. Thanks for watching and you have a great day.
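Added example, not part of the video or its transcript: the "policy document" the group wizard shows is JSON, and the difference between the administrator access choice and an S3-only group like the one described for Bill is visible in that document. The sketch below compares a full-access document (Allow `*` on `*`) with a constructed S3-only policy and flags admin-equivalent statements; the bucket name `example-bucket` and the function names are assumptions made for illustration.

```python
import json

# Full-access document: Allow every action on every resource.
ADMIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Constructed S3-only policy for a hypothetical bucket "example-bucket".
S3_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::example-bucket"},
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
}


def _as_list(value):
    """IAM lets Statement, Action and Resource be a single item or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def allow_statements(policy):
    """Statements whose Effect is Allow (Deny statements grant nothing)."""
    return [s for s in _as_list(policy.get("Statement"))
            if s.get("Effect") == "Allow"]


def admin_equivalent(policy):
    """Return Allow statements that grant every action on every resource."""
    hits = []
    for stmt in allow_statements(policy):
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if "*" in actions and "*" in resources:
            hits.append(stmt)
    return hits


def allowed_services(policy):
    """Service prefixes (the part before ':') that the policy allows."""
    services = set()
    for stmt in allow_statements(policy):
        for action in _as_list(stmt.get("Action")):
            services.add(action.split(":", 1)[0].lower() if ":" in action else "*")
    return services


if __name__ == "__main__":
    for name, doc in (("admin", ADMIN_POLICY), ("s3-only", S3_ONLY_POLICY)):
        print(name, "admin-equivalent:", bool(admin_equivalent(doc)),
              "services:", sorted(allowed_services(doc)))
    print(json.dumps(S3_ONLY_POLICY, indent=2))
```

A user whose access key is handed to a third-party S3 tool only needs a group with the second kind of document; the check makes it easy to spot groups that still carry the first.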