
MANAGING IAM (IDENTITY ACCESS MANAGEMENT) USERS

Create the user in IAM through the Console, or multiple users if required. (In my case I use an IAM user named Harish.) Because IAM is unique among AWS services, its operations also differ depending on the interface used: the AWS Console or the AWS-CLI.

Sign-in page (IAM Users only) :

AWS CONSOLE

  • Go to the sign-in page using the IAM users sign-in link from the IAM Dashboard, and customize the link if needed.

AWS-CLI

  • Initialize the AWS CLI configuration and follow the on-screen prompts for the default settings.
  • aws iam create-account-alias --account-alias cloudees // Customizes the sign-in link.
  • aws iam list-account-aliases // For detailed information.

Sign in to the IAM user account using the created account alias.


Identification of IAM users by AWS :

AWS CONSOLE

  • Every IAM user is (usually) given an individual, unique name and can of course be differentiated by username.
  • Because names could still be repeated, however unlikely that is, AWS uses the concept of an ARN (Amazon Resource Name).
  • The ARN of every IAM user can be seen in Identity and Access Management (IAM) > Users > Click on the username, where the ARN is shown.

AWS-CLI

  • aws iam get-user --user-name Harish // To get the complete details of the IAM user.
  • AWS also gives the user an additional user ID, which helps AWS differentiate the IAM user.

To view actions made by the IAM user :

AWS CONSOLE

  • Services > Identity and Access Management (IAM) > Users > Click on the username > Access Advisor
  • A detailed and beautiful graphical representation can be seen.

AWS-CLI

  • aws iam generate-service-last-accessed-details --arn <ARN obtained above> // The report needs to be generated first.
  • A job ID is returned as the output.
  • aws iam get-service-last-accessed-details --job-id <job ID obtained above> // To get the complete details.
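
As an added example (not part of the original post), the Python script below reads the JSON returned by aws iam get-service-last-accessed-details and sorts the services the user is permitted to use into active, stale and never used, which is the evidence to check before attaching or keeping a broad policy. The sample report, the 90-day threshold, the review date and the function name review_access are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like `aws iam get-service-last-accessed-details` output.
SAMPLE_REPORT = json.loads("""
{
  "JobStatus": "COMPLETED",
  "ServicesLastAccessed": [
    {"ServiceName": "Amazon S3", "ServiceNamespace": "s3",
     "LastAuthenticated": "2024-05-28T09:15:00+00:00", "TotalAuthenticatedEntities": 1},
    {"ServiceName": "Amazon EC2", "ServiceNamespace": "ec2",
     "LastAuthenticated": "2023-01-10T12:00:00+00:00", "TotalAuthenticatedEntities": 1},
    {"ServiceName": "AWS Lambda", "ServiceNamespace": "lambda",
     "TotalAuthenticatedEntities": 0}
  ],
  "IsTruncated": false
}
""")


def review_access(report, now, stale_days=90):
    """Split permitted services into active, stale and never-used namespaces."""
    status = report.get("JobStatus")
    if status != "COMPLETED":
        # IN_PROGRESS: call get-service-last-accessed-details again with the same job id.
        # FAILED: the response carries an Error field instead of usable data.
        raise RuntimeError(f"report not ready: JobStatus={status}")
    if report.get("IsTruncated"):
        raise RuntimeError("partial page: fetch the remaining pages before deciding")
    cutoff = now - timedelta(days=stale_days)
    result = {"active": [], "stale": [], "never_used": []}
    for svc in report["ServicesLastAccessed"]:
        last = svc.get("LastAuthenticated")  # absent when the service was never accessed
        if last is None:
            bucket = "never_used"
        else:
            when = datetime.fromisoformat(last.replace("Z", "+00:00"))
            bucket = "active" if when >= cutoff else "stale"
        result[bucket].append(svc["ServiceNamespace"])
    return result


if __name__ == "__main__":
    fixed_now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed review date
    for bucket, namespaces in review_access(SAMPLE_REPORT, fixed_now).items():
        print(f"{bucket}: {', '.join(namespaces) or '-'}")
```

Namespaces that land in stale or never_used are candidates for removal from the user's policies.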

Adding Policies for IAM Users :

AWS CONSOLE

  • Services > Identity and Access Management (IAM) > Users > Click on the username > Add Permissions // For adding new policies.
  • The desired policies are selected from the listed set of predefined policies.

AWS-CLI

  • aws iam attach-user-policy --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess --user-name Harish // The policy ARN differs for each policy.

More of these differences in operations, covering many other aspects, will be posted soon.


Author:

I'm currently working as a cloud migration consultant at Deloitte. My days are primarily spent on cloud, with a high focus on migrations and GCP management. In my downtime I prefer to be a 3D designer.
