# What is AWS IAM? How to create IAM User? # Introduction - IN AWS There are Two types of Users One is the AWS Root User and the other user is AWS Identity and Access Management User (IAM). - AWS Account creation starts with one Identity that has complete access to all AWS services ( More than 200 services) Which is called AWS Root user, we can sign in as a root user with an Email id and password which is used while creating an account and for IAM user created by the Root user or IAM Administrator # Root User - The Root user has complete access to all AWS services - For the Creation of Accounts only we require a Root user, Instead, create a user and Access the AWS Services - The root user has a complete set of permissions and should not be given to others Instead of using Root, it's always advisable to create IAM User ## What are IAM Services? - IAM User - IAM Groups - IAM Policies - IAM Roles ## Detailed Explanation about IAM I: Identity → Authorization A: Access → Authentication M: Management → Management ### Identity Identity is of Two Types 1) IAM User 2) IAM Role ### IAM User - In an organization, we have to allot IAM users to the employee - The organization won't provide Root user Credentials to employees, Instead, it creates - IAM User - IAM User permits users to give external access to the AWS console ### IAM Role - IAM Role is also one type of identity - IAM Role is Temporary access to the Service of AWS where Access key and Secret key are temporary and changes with time - IAM Role is which permits Internal Access, which provides access and action upon all the services of AWS with required permissions ### IAM Policies - IAM Policy comes under Access Management - IAM Policies are of two types they are 1) AWS Managed Policies - These policies are Managed by AWS and we can say these are Predefined policies - For Example : a) Administrator Full Access b) S3 Full permission c) Read-only Access 2) Customer-managed Policies Fine grain permissions are managed by the customers and they write their own policies # Format for writing IAM Policy? - AWS Policy Exists in JSON Format - It Includes : ``` { "Version": "2012-10-17", "Statement": [ { "Action": "ec2:*", "Resource": "*", "Effect": "Allow", "Condition": { "StringEquals": { "ec2:Region": "us-east-2" } } } ] } ``` - The Policy includes Version, Statement, Effect, Action, Resources in common - The version number is when this policy came into exist - The effect should be " Allow " or "Deny " - In Actions, if it is * then you are giving Full Administrator Access # IAM Group - Adding Policy to all users is tough, We cant attach a single policy to a single user - So We can place each team in one group and we can attach One policy to Each Group # How Can we Access AWS? We can access AWS by using 4 Ways - 1.Console - 2.CLI - 3.Programmatic Access - 4.HTTP/API # How To create IAM User? 1) Log in to Aws Console and select region 2) Select the IAM service 3) Select Users 4) Add Users 5) Select Access type - programmatic Access - AWS Management Console Access 6) I Selected AWS Management Console Access 7) In Console password Select Autogenerated Password 8) In Require Password reset select User Must Create a New Password at Next sign in 9) Click on Next 10) Click on Attach Existing policies - By Default AWS is providing 665 Policies 11) Click on Tags 12)Click on Review 13)Click on Create User 14) You can download the CSV file , where you can get user name and password and link to Access 15 ) Now login as **IAM User** 16)provide 12 digit account number which is given in csv file 17)Give IAM user and Password 18)Click on sign-in 20)Now it prompts for Password Change 21)Now IAM user is Created and we logged in