In a previous post I discussed how to configure the root account and enable MFA for better security. In another previous post I discussed how to configure your AWS account. In this post we will move to the next important step, which is creating a separate user account for daily usage instead of using the root account.
Using the root account for regular work is not recommended. AWS suggests creating an IAM user with administrative permissions and using that account for all activities. This improves security and provides better control over access.
Create an IAM Administrator User
First, log in to your AWS Management Console using your root account. Once logged in, go to the search bar at the top and type IAM. Click on the IAM service.
On the IAM dashboard, you will see different options on the left-hand side such as Users, Groups, Roles and Policies.
Before creating a user, we will create a group to manage permissions in a cleaner way.
Create a User Group
Click on User groups and then click on Create group.
Enter the group name as:
Administrators
Scroll down to the permissions section and search for:
AdministratorAccess
Select this policy and then click on Create group.
This group will have full administrative permissions for your AWS account.
Create a New IAM User
Now click on Users from the left-hand menu and then click on Create user.
Enter a user name. For example:
aws_admin_user
Select the option Provide user access to the AWS Management Console.
Choose the option to create an IAM user and select Autogenerated password. Also keep the option Users must create a new password at next sign-in enabled.
Click Next.
On the permissions screen, select Add user to group and choose the Administrators group created earlier.
Click Next and then click Create user.
Once the user is created, download the sign-in details or note down the console login URL, user name and password.
Login Using IAM User
Log out from the root account and use the IAM user credentials to log in.
On the login page, you will be asked for:
- Account ID or alias
- IAM user name
- Password
Enter the details and sign in. If you selected password reset, you will be asked to create a new password.
Enable MFA for IAM User
After logging in, it is important to enable MFA for the IAM user as well.
Go to IAM → Users → select your user → open the Security credentials tab.
Under Multi-factor authentication (MFA), click on Assign MFA device.
Select Authenticator app and scan the QR code using your mobile app such as Google Authenticator or Microsoft Authenticator.
Enter two consecutive MFA codes and complete the setup.
You should now see that MFA is enabled for your IAM user.
Create Access Keys for CLI
If you want to access AWS services from the command line, you need to create access keys for your IAM user.
Go to IAM → Users → select your user → Security credentials.
Under Access keys, click on Create access key.
Select the use case as Command Line Interface (CLI) and continue.
Optionally, you can provide a description for the key.
Click Create access key and download the CSV file containing your access key ID and secret access key.
Important: The secret access key is shown only once. Store it safely and never share it publicly.
Configure AWS CLI
Install AWS CLI on your system if it is not already installed. Once installed, open a terminal and run the following command:
aws configure
Enter the following details:
AWS Access Key ID: <your-access-key>
AWS Secret Access Key: <your-secret-key>
Default region name: eu-west-2
Default output format: json
This will configure your AWS CLI.
Verify CLI Configuration
To verify that everything is working correctly, run the following command:
aws sts get-caller-identity
If configured correctly, you will see your account ID and IAM user details.
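As an added example (not part of the original post), the Python script below extends this check: it reads the `aws sts get-caller-identity` output to confirm the CLI is not running as root, then confirms the user has an MFA device and belongs to the Administrators group. It assumes the AWS CLI is installed and configured as above; the function names and the sample data are constructed for illustration.

```python
import json
import subprocess

# Constructed sample outputs (placeholder account ID, not real data).
SAMPLE_IDENTITY = {"UserId": "AIDAEXAMPLEEXAMPLE", "Account": "123456789012",
                   "Arn": "arn:aws:iam::123456789012:user/aws_admin_user"}
SAMPLE_MFA = {"MFADevices": [{"UserName": "aws_admin_user",
              "SerialNumber": "arn:aws:iam::123456789012:mfa/phone"}]}
SAMPLE_GROUPS = {"Groups": [{"GroupName": "Administrators"}]}

def principal(arn):
    """Split a caller ARN into (kind, name), e.g. ('user', 'aws_admin_user')."""
    resource = arn.split(":", 5)[5]   # "root" or "user/aws_admin_user"
    return resource.split("/", 1)[0], resource.rsplit("/", 1)[-1]

def audit(identity, mfa=None, groups=None, group="Administrators"):
    """Return findings; an empty list means the setup matches this post."""
    kind, name = principal(identity["Arn"])
    if kind == "root":
        return ["CLI is using root credentials, not an IAM user"]
    if kind != "user":
        return [f"CLI principal is a {kind}, not an IAM user"]
    findings = []
    if not (mfa or {}).get("MFADevices"):
        findings.append(f"no MFA device assigned to {name}")
    if group not in [g["GroupName"] for g in (groups or {}).get("Groups", [])]:
        findings.append(f"{name} is not in group {group}")
    return findings

def aws_json(*args):
    """Run an AWS CLI command and parse its JSON output."""
    done = subprocess.run(["aws", *args, "--output", "json"],
                          check=True, capture_output=True, text=True)
    return json.loads(done.stdout)

if __name__ == "__main__":
    ident = aws_json("sts", "get-caller-identity")
    kind, name = principal(ident["Arn"])
    mfa = groups = None
    if kind == "user":  # IAM lookups only make sense for an IAM user
        mfa = aws_json("iam", "list-mfa-devices", "--user-name", name)
        groups = aws_json("iam", "list-groups-for-user", "--user-name", name)
    for line in audit(ident, mfa, groups) or ["OK: IAM user with MFA in Administrators"]:
        print(line)
```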
Conclusion
In this post we have created an IAM administrator user, enabled MFA, configured access keys and set up AWS CLI. From now onwards, you should use this IAM user for all your AWS work instead of the root account.
In the next post, we will start working with AWS services and begin building our first lab setup.