AWS Tutorial
    About Lesson

    Using the root account in AWS for daily tasks poses significant security risks. Instead, you should create an IAM (Identity and Access Management) user with specific permissions tailored to the tasks they need to perform.

    Here’s a step-by-step guide:

     

    1. Log in to the AWS Management Console

    Log in using the root account.

    Navigate to the IAM Console (search for “IAM” in the AWS console).

     

    2. Create a New IAM User

    1. Go to Users

    In the IAM Dashboard, click Users in the sidebar.

     

    2. Add User

    Click Add Users.

    Enter a username (e.g., admin-user or developer).

    Select the AWS Management Console access option for users requiring console access.

    Choose Password options:

    Auto-generate or set a custom password.

    Require the user to reset their password upon first login.

    3. Click Next to Set Permissions.

     

    3. Assign Permissions to the User

    There are three main ways to assign permissions:

    Option A: Attach Policies Directly

    Choose from existing AWS-managed policies like:

    AdministratorAccess: Grants full permissions.

    PowerUserAccess: Full access to AWS services but no IAM permissions.

    ReadOnlyAccess: View-only permissions.

    Select the policy that best fits the user’s role.

    Option B: Add User to a Group

    Create a new group with appropriate permissions, or add the user to an existing group.

    For example:

    Admins group for administrative access.

    Developers group with limited permissions (e.g., access to specific services).

    Option C: Use a Custom Policy

    Create a fine-grained, JSON-based policy for specific actions or resources.

    Example: Grant access only to a specific S3 bucket.

     

    4. (Optional) Add Tags

    Tags can help you identify and organize users (e.g., Department: IT).

     

    5. Review and Create User

    Review the details and click Create User.

    Provide the user with their credentials (e.g., username, password, and login URL).

     

    6. Secure the Root Account

    Enable MFA (Multi-Factor Authentication) on the root account.

    Store root credentials securely and avoid using them for day-to-day tasks.

     

    7. Monitor and Audit IAM Users

    Use AWS CloudTrail to monitor API activity.

    Review permissions regularly to ensure users have only the access they need.

    By following these steps, you’ll improve the security of your AWS environment by limiting root account usage and ensuring each user has the appropriate permissions.