Creating an IAM profile in AWS can be a complex process, especially for those who are new to AWS or have limited experience with cloud computing. There are many different policies to choose from, and selecting the appropriate policies can be a challenge. Additionally, ensuring that the permissions are set up correctly and that the user has access to the appropriate resources can be time-consuming and require a lot of attention to detail.
Step 1: Go to the IAM service page and click on “Add users”.
Step 2: Is easy
Step 3: Select Permissions, then click on “Create Group”.
Here are some groups that you might want to create, and the policies you would most likely want to attach:
AWS Permission Group | Policies Attached |
---|---|
Developer group | AmazonEC2FullAccess, AmazonS3FullAccess, AWSLambda_FullAccess, AWSCodeCommitPowerUser, AWSCodeBuildDeveloperAccess, AWSCodeDeployFullAccess, AWSCodePipeline_FullAccess, AWSXRayFullAccess |
Administrator group | AdministratorAccess, AmazonEC2FullAccess, AmazonS3FullAccess, AmazonRDSFullAccess, AWSLambda_FullAccess, AWSCodeCommitFullAccess, AWSCodeBuildFullAccess, AWSCodeDeployFullAccess, AWSCodePipelineFullAccess, AWSXRayFullAccess |
Billing group | Billing, CloudWatchReadOnlyAccess |
Security group | SecurityAudit, AWSConfigRole |
Support group | AWSHealthFullAccess, AWSSupportAccess |
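
The table can be checked before any group is created. The following is an added example, not part of the original page: a small lint over the table, transcribed as constructed data, that flags policies made redundant by AdministratorAccess (which allows every action on every resource), service-wide `*FullAccess` grants, and groups at the attachment quota. The finding codes and the quota value of 10 are assumptions of this example.

```python
# Added example: lint a group -> managed-policy plan before creating it in IAM.
# PLAN is constructed sample input, transcribed from the table on this page.
PLAN = {
    "Developer": ["AmazonEC2FullAccess", "AmazonS3FullAccess", "AWSLambda_FullAccess",
                  "AWSCodeCommitPowerUser", "AWSCodeBuildDeveloperAccess",
                  "AWSCodeDeployFullAccess", "AWSCodePipeline_FullAccess",
                  "AWSXRayFullAccess"],
    "Administrator": ["AdministratorAccess", "AmazonEC2FullAccess", "AmazonS3FullAccess",
                      "AmazonRDSFullAccess", "AWSLambda_FullAccess",
                      "AWSCodeCommitFullAccess", "AWSCodeBuildFullAccess",
                      "AWSCodeDeployFullAccess", "AWSCodePipelineFullAccess",
                      "AWSXRayFullAccess"],
    "Billing": ["Billing", "CloudWatchReadOnlyAccess"],
    "Security": ["SecurityAudit", "AWSConfigRole"],
    "Support": ["AWSHealthFullAccess", "AWSSupportAccess"],
}

ADMIN = "AdministratorAccess"  # allows every action on every resource
GROUP_POLICY_QUOTA = 10        # assumption: default managed-policies-per-group quota


def lint_group(policies):
    """Return a sorted list of (code, detail) findings for one group's policies."""
    findings = []
    if ADMIN in policies and len(policies) > 1:
        extra = [p for p in policies if p != ADMIN]
        findings.append(("REDUNDANT", f"{len(extra)} policies add nothing beside {ADMIN}"))
    full = [p for p in policies if p != ADMIN and p.endswith("FullAccess")]
    if full:
        findings.append(("SERVICE_WIDE", f"{len(full)} *FullAccess: " + ", ".join(full)))
    if len(policies) >= GROUP_POLICY_QUOTA:
        findings.append(("AT_QUOTA", f"{len(policies)}/{GROUP_POLICY_QUOTA} attachments"))
    dupes = sorted({p for p in policies if policies.count(p) > 1})
    if dupes:
        findings.append(("DUPLICATE", ", ".join(dupes)))
    return sorted(findings)


def lint_plan(plan):
    """Map each group name to its findings, omitting groups with none."""
    report = {group: lint_group(policies) for group, policies in plan.items()}
    return {group: found for group, found in report.items() if found}


if __name__ == "__main__":
    for group, findings in lint_plan(PLAN).items():
        for code, detail in findings:
            print(f"{group:14} {code:13} {detail}")
```
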
Step 4: Select the group
Step 5: After creating an IAM user and attaching the appropriate group, you can share the access with the developer by providing them with the IAM user credentials and login URL.
To do this, you can follow these steps:
- Navigate to the IAM dashboard in your AWS console.
- Select the IAM user you just created and click on the “Security credentials” tab.
- Click on the “Create access key” button to generate an access key and secret access key for the user.
- Share the access key and secret access key with the developer. You can do this by securely emailing them the credentials or sharing them through a secure file-sharing service.
- Also, share the URL for the AWS console login page with the developer, which is typically in the format “https://<your-account-number>.signin.aws.amazon.com/console”. The developer will need to enter the IAM user credentials to access the AWS console and start using the AWS services that they have been granted access to.
It is important to keep the IAM user credentials secure and confidential, as these credentials provide access to your AWS resources. Additionally, it is recommended to set up multi-factor authentication (MFA) for IAM users to add an extra layer of security.
Step 6: When creating the AWS access key, you are offered several options. Pick CLI.