How to Sign Up and Create an Admin IAM User on AWS

Part 3 of "Your First AWS App" series

In this article we will sign in to the AWS console for the first time and create an IAM user with full administrator access. For reference, here are the official AWS docs on the process: https://docs.aws.amazon.com/streams/latest/dev/setting-up.html. Feel free to follow along with my video tutorial in parallel with the blog if more context is needed.

Sign up with AWS

If you haven't already done so, sign up to AWS at https://console.aws.amazon.com/console. You will need to provide billing card information in order to access all resources.

💡
Caution is advised when using services in AWS. The pricing page and the AWS calculator exist if you are uncertain about a particular service's costs; these are generally good to consult before adding a new service. There is also a refund request process for genuine mistakes; customer care are quite understanding of beginners incurring unexpected bills. My advice is to use a card or account with a low amount of cash in it. I personally use a Revolut virtual card to sign up, which I never keep more than pocket money amounts in, so investigate a similar option in your region. For reference, our full stack app will cost around 1 to 2 dollars per month to run, assuming a low level of traffic. In a later article we will review the AWS billing page and how to review bills and enforce limits and warnings.

Once you are signed up, note the region at the top right of the console next to your username. If you are unsure which region to use, select "US East (N. Virginia)" also known as us-east-1. Regions have different prices and determine where in the world your services are stored. It's always important to make sure you have the correct region selected. For example, if you create a database in us-east-1, you won't be able to access it if you have a different region selected, like us-east-2. For our application, we will use us-east-1 for everything, so it should always be selected.

Create an IAM User with administrator access

Although it is possible to do everything using the root user access, it is highly recommended to create IAM (Identity and Access Management) Users and log in to your AWS console that way instead. These user logins can be tailored to access only certain components. For example, you may want to create a database user login for a database engineer on your team, allowing them to access only the database resource and nothing else.

💡
It's highly recommended to enable Multi-Factor Authentication on your root user login; you will see a warning recommending you enable it on the IAM dashboard. Consider doing this now before proceeding. The root user login is the most important login in AWS: you can always fall back to this login to delete any IAM users, including the admin IAM user we are creating here. Thus it should be very secure.

  1. Go to the IAM dashboard to begin.

  2. Along the left pane under Access Management click on Users.

  3. From here click on the "Create user" button to begin the wizard.

    1. Provide a User Name

    2. Check "Provide user access to the AWS Management Console" box

    3. Select "I want to create an IAM user" radio button

    4. Enter a Custom password

    5. Uncheck "Users must create a new password at next sign-in" box

    6. Click Next

  4. On the User Groups screen, we will be creating a group with admin permissions for our user

    1. Select "Add user to group" radio button

    2. Click "Create group"

    3. Enter an appropriate user group name

    4. Under permission policies:

      1. Type "IAMFullAccess" into the search filter box and check the row.

      2. Type "AdministratorAccess" into the search filter box and check the "AdministratorAccess" row.

    5. Click "Create user group" and you will return to the User Groups screen

    6. Check your new user group box and click Next

  5. Review the summary and click "Create User".

You will be brought to your new user screen. Note/bookmark the Console sign-in URL, and also don't forget your username and password. With these we can log in as this new user, so sign out of the AWS console as the root user, and sign in using your new login. If anything is unclear, check the video below.
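
A check for the two recommendations above (MFA on the root user, and signing in as the IAM user instead of root), added here as an example that is not part of the original article. It reads the CSV credential report that IAM can generate for an account; the sample rows, the account ID and the user name app-admin are constructed.

```python
import csv
import io
from datetime import datetime

# Constructed sample, trimmed to the columns this check reads; a real report
# has more columns. Account ID and the user name "app-admin" are placeholders.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,mfa_active
<root_account>,arn:aws:iam::111122223333:root,2024-03-01T09:00:00+00:00,not_supported,2024-03-09T18:30:00+00:00,false
app-admin,arn:aws:iam::111122223333:user/app-admin,2024-03-02T10:00:00+00:00,true,2024-03-10T08:15:00+00:00,false
"""

ROOT = "<root_account>"  # name the report gives the root user's row


def parse_time(value):
    """Return a datetime, or None for values such as N/A or no_information."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def audit(report_csv):
    """Return a list of findings about root usage from a credential report."""
    rows = list(csv.DictReader(io.StringIO(report_csv)))
    root = next((r for r in rows if r["user"] == ROOT), None)
    if root is None:
        return ["no root row found; is this a credential report?"]
    findings = []
    if root["mfa_active"] != "true":
        findings.append("root: MFA is not enabled")
    # Creation times of IAM users that can sign in to the console.
    created = [parse_time(r["user_creation_time"]) for r in rows
               if r["user"] != ROOT and r["password_enabled"] == "true"]
    created = [t for t in created if t is not None]
    root_used = parse_time(root["password_last_used"])
    if not created:
        findings.append("no IAM user with console access exists")
    elif root_used is not None and root_used > min(created):
        # Root signed in after an IAM console user was available.
        findings.append("root: console sign-in after the IAM user was created")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_REPORT):
        print(finding)
```

An empty list from `audit` means root has MFA enabled and has not signed in to the console since the IAM user was created.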

Summary

We created our AWS account and added our first IAM user. The user is part of a user group we created with admin privileges. Going forward we will use this IAM user to develop our AWS app, as it's safer than using the root email login.