How to Sign Up and Create an Admin IAM User on AWS
Part 3 of "Your First AWS App" series
In this article we will sign in to the AWS console for the first time and create an IAM User with full administrator access. For reference, here are the official AWS docs on the process: https://docs.aws.amazon.com/streams/latest/dev/setting-up.html. Feel free to follow along with my video tutorial in parallel with the blog if more context is needed.
Sign up with AWS
If you haven't already done so, sign up to AWS at https://console.aws.amazon.com/console. You will need to provide billing card information in order to access all resources.
Once you are signed up, note the region at the top right of the console next to your username. If you are unsure which region to use, select "US East (N. Virginia)" also known as us-east-1. Regions have different prices and determine where in the world your services are stored. It's always important to make sure you have the correct region selected. For example, if you create a database in us-east-1, you won't be able to access it if you have a different region selected, like us-east-2. For our application, we will use us-east-1 for everything, so it should always be selected.
Create an IAM User with administrator access
Although it is possible to do everything using the root user access, it is highly recommended to create IAM (Identity and Access Management) Users and log in to your AWS console that way instead. These user logins can be tailored to access only certain components. For example, you may want to create a database user login for a database engineer on your team, allowing them to access only the database resource and nothing else.
Go to the IAM dashboard to begin.
Along the left pane under Access Management click on Users.
From here click on the "Create user" button to begin the wizard.
Provide a User Name
Check "Provide user access to the AWS Management Console" box
Select "I want to create an IAM user" radio button
Enter a Custom password
Uncheck "Users must create a new password at next sign-in" box
Click Next
On the User Groups screen, we will be creating a group with admin permissions for our user
Select "Add user to group" radio button
Click "Create group"
Enter an appropriate user group name
Under permission policies:
Type "IAMFullAccess" into the search filter box and check the row.
Type "AdministratorAccess" into the search filter box and check the "AdministratorAccess" row.
Click "Create user group" and you will return to the User Groups screen
Check your new user group box and click Next
Review the summary and click "Create User".
You will be brought to your new user screen. Note or bookmark the Console sign-in URL, and don't forget your username and password. With these we can log in as this new user, so sign out of the AWS console as the root user and sign in using your new login. If anything is unclear, check the video tutorial.
Summary
We created our AWS account and added our first IAM user. The user is part of a user group we created with admin privileges. Going forward we will use this IAM user to develop our AWS app, as it's safer than using the root email login.
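To confirm later that day-to-day work really has moved from root to the new IAM user, the account's IAM credential report can be checked. The script below is an added example, not part of the original article; it reads the CSV produced by `aws iam generate-credential-report` and `aws iam get-credential-report`, and the user name `app-admin`, the account ID and all timestamps in the sample are constructed.

```python
import csv
import io
from datetime import datetime

# Constructed sample in the column layout of the IAM credential report.
# Account ID, user name and timestamps are made up; only the columns
# this check reads are kept.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::123456789012:root,2024-03-01T09:00:00+00:00,not_supported,2024-03-09T18:30:00+00:00,true,false
app-admin,arn:aws:iam::123456789012:user/app-admin,2024-03-01T09:20:00+00:00,true,2024-03-08T08:00:00+00:00,false,false
"""

def parse_time(value):
    """Return a datetime, or None for 'N/A', 'no_information', 'not_supported'."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None

def audit(report_csv, admin_user):
    """List findings about root use after the admin IAM user was created."""
    rows = {r["user"]: r for r in csv.DictReader(io.StringIO(report_csv))}
    root, admin = rows.get("<root_account>"), rows.get(admin_user)
    if root is None:
        return ["report has no <root_account> row"]
    if admin is None:
        return [f"IAM user {admin_user!r} not found in report"]
    findings = []
    if admin["password_enabled"] != "true":
        findings.append(f"{admin_user} has no console password")
    for n in ("1", "2"):
        if root[f"access_key_{n}_active"] == "true":
            findings.append(f"root access key {n} is active")
    created = parse_time(admin["user_creation_time"])
    root_login = parse_time(root["password_last_used"])
    if created and root_login and root_login > created:
        findings.append(f"root console sign-in at {root_login.isoformat()}, "
                        f"after {admin_user} was created")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_REPORT, "app-admin") or ["no findings"]:
        print(finding)
```

The root sign-in that created the IAM user predates the user's creation time, so it is not flagged; only later root sign-ins are.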