How to create an IAM user in AWS

Photo by Dollar Gill on Unsplash

How to create an IAM user in AWS

Table of Contents:

  1. What is IAM?

  2. Hands-on Lab Overview

  3. Hands-on Lab

    • Step 1: Specify user details

    • Step 2: Set user permissions

    • Step 3: Set user tags

    • Step 4: Review and create the user

  4. References

What is IAM?

IAM (Identity and Access Management) is a global service provided by Amazon Web Services (AWS) that allows you to manage user identities and their permissions to access AWS resources. IAM helps you securely control access to various AWS services and resources within your AWS account.

IAM is a global service in AWS. This means that IAM is not specific to any particular AWS region and operates globally across all regions and availability zones.

Key features and concepts of IAM include:

  1. Users: IAM enables you to create individual identities (users) for anyone who needs access to your AWS account. Each user is assigned a unique name and credentials for authentication.

  2. Groups: Users can be organized into groups, making it easier to manage permissions for multiple users with similar access requirements. Permissions can be assigned to groups, and all users in the group inherit those permissions.

  3. Roles: IAM roles are similar to users but are not associated with specific individuals. Instead, roles are assumed by entities such as EC2 instances, AWS Lambda functions, or even other AWS accounts. Roles are temporary and provide a way to delegate access to resources securely.

  4. Policies: Policies are JSON documents that define permissions. They can be attached to users, groups, and roles to grant or deny access to AWS resources. Policies specify what actions are allowed or denied on which resources.

  5. Access Keys: IAM users can have access keys associated with their account, which are used for programmatic access to AWS services using the AWS Command Line Interface (CLI), AWS SDKs, or other API calls.

  6. Multi-Factor Authentication (MFA): IAM supports adding an extra layer of security to user accounts through MFA. MFA requires users to provide an additional authentication factor, such as a one-time password from a virtual or hardware MFA device, in addition to their regular password.

  7. Integration with other AWS services: IAM integrates with various AWS services, enabling fine-grained control over access to resources. For example, IAM can be used to control access to S3 buckets, EC2 instances, RDS databases, and more.

Hands-on Lab Overview

In this hands-on lab, you will create an IAM user and admin group. You will add the IAM user to the admin group and assign an existing AdministratorAccess policy to the group.

Hands-on Lab

To create an IAM (Identity and Access Management) user in AWS, follow these steps:

  1. Sign in to the AWS Management Console: Go to the AWS Management Console ( and sign in using your AWS account credentials.

  2. Open the IAM service: Once signed in, search for "IAM" in the AWS Management Console search bar or locate and click on the "IAM" service under the "Security, Identity & Compliance" section.

  3. Navigate to the IAM users page: In the IAM console, click on "Users" in the left-hand navigation pane.

  4. Click on "Add user": On the IAM users page, click on the "Add user" button to start creating a new IAM user.

    Step 1: Specify user details

    • Specify a username for the IAM user (e.g., "karla").

Step 2: Set user permissions

  • Create an admin group and attach the existing policies to the group to grant specific permissions:

Step 3: Set user tags (optional)

  • Tags are key-value pairs that provide metadata for the user.

Step 4: Review and create the user

  • Review the provided information and make sure everything is correct.

  • Once you are satisfied, click on the "Create user" button to create the IAM user.

That's it! You have successfully created an IAM user in AWS.


  1. AWS Identity and Access Management Documentation

  2. What is IAM