How to create an IAM user in your AWS account

Reading Time: 4 minutes

In this blog we will see what is IAM ,why do we need IAM then we will see how we can create an IAM user .So first lets discuss about IAM.

What is IAM?

IAM stands for Identity and Access Management. It is a global service.IAM enables you to manage access to AWS services and resources in a very secure manner. It is used to set users, permissions, and roles.

With the help of the IAM service, an organization can create multiple users, each with its own credentials. The user is only able to access the services that are assigned to him/her.

Why do we need IAM?

When we create an account we create a root account and has created by default. The root user of the account & the only thing you should use it for is to set up your account. By default, the root account user has access to all resources for all AWS services.

Now assume that you are the head of an organization. A team of 6 persons in your organization that work on some projects and deploy them in AWS.

You obviously don’t want to give your root account credentials to your developers or DevOps and ask them to deploy apps. So, the main purpose of IAM is to manage AWS user identities.

What you should be doing instead is creating users. So now let’s discuss IAM users.

IAM Users

AWS IAM User is an entity that you create in the AWS account to represent the person that uses it to interact with AWS. one user represents one person within your organization. It allows the account used to execute certain tasks in AWS.

A user is made up of a name, password for the AWS Management Console, and access keys to use with the API or CLI.

Users can be grouped together if it makes sense and users don’t have to belong to a group, and users can belong to multiple groups. So let’s know about the IAM group.

IAM User groups

The User group is a collection of IAM users. It let you assign permissions for multiple users, which can make it easier to manage the permissions for those users.

So, the users that require the same permissions can be grouped together. A user group can contain many users, and these users can also belong to multiple user groups.

How to create an IAM user?

We can create an IAM user with the following ways.

  • By using AWS CLI
  • Through AWS Console
  • By using AWS API

I this blog i am using AWS console to create an iam user.You can create one or more IAM users in your AWS account. Follow these simple steps to create an IAM user:

First, log in to your AWS Console and select IAM from the list of services.

select Users

Select Add User.

After clicking on the Add User, the screen appears which is shown below:

1.Enter the user name for the user you want to create I am giving jubair-ahmad as you can see in below image.

2. Select the type of access this set of users will have. Either you want a user to have programmatic access , AWS Management Console access or both.Here I am using password-AWS Management Console access as you can see.

For Console password, choose one of the following:

  • Autogenerated password: Each user gets a randomly generated password that meets the account password policy.You can view or download the passwords when you get the final page.
  • Custom password: each user is assigned the password that you put in the box.

Now choose Next Permissions

Choose one of the following three options.

1.Add user to group :

If you want to add user into a group then choose this options.for example user belong to a developer group and you have created a group named developer then you can add this user to that group.

2.Copy permissions from existing user :

Choose this option if you want to attach a policy that are permissions to a user already in your account.

3.Attach existing policies directly :

Choose this option to see a list of the AWS managed and customer managed policies in your account. Select the policies that you want to attach to the new users or choose Create policy to open a new browser tab and create a new policy from scratch.

Here I am choosing the last options as you can see in the below image.


Now select Next Tags

If you want to give a tag you can give as well but this is optional.

Now select Next: Review

Now select Create user

Congrats You have successfully created an IAM user .You can download .csv file to view the password you have created earlier.Also you can send the email to user so that user can get login credentials .


For more interesting blogs check out link

Written by 

Jubair Ahmad is a Software Consultant (DevOps)at Knoldus.Inc.He loves learning new technology and also have interest in playing cricket.