Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions,
see Getting Started with Amazon Web Services in China
(PDF).
Create your first IAM user
An IAM user is an identity
within your Amazon Web Services account that has specific permissions for a single person or application.
Users can be organized into groups that share the same permissions.
For the purpose of familiarizing yourself with the process of creating a IAM user, this
tutorial steps you through creating an IAM user and group for emergency access.
- IAM console
-
To create your first IAM user
-
Follow the sign-in procedure appropriate to your user type as described in the topic How to sign in to Amazon in the Amazon Sign-In User
Guide.
-
On the Console Home page, select the IAM service.
-
In the navigation pane, select Users and then select
Add users.
If you have IAM Identity Center enabled, the Amazon Web Services Management Console displays a reminder that it is best
to manage users' access in IAM Identity Center. In this tutorial, the IAM user you create is
specifically for use only when your user in IAM Identity Center credentials are
unavailable.
-
For User name, enter
EmergencyAccess
. Names cannot contain spaces.
-
Choose the checkbox next to Provide user access to the
Amazon Web Services Management Console– optional and then choose
I want to create an IAM user.
-
Under Console password, select Autogenerated
password.
-
Clear the checkbox next to User must create a new password at next
sign-in (recommended). Because this IAM user is for emergency access,
a trusted administrator retains the password and only provides it when
needed.
-
On the Set permissions page, under Permissions
options, select Add user to group. Then, under
User groups, select Create group.
-
On the Create user group page, in User group
name, enter EmergencyAccessGroup
. Then, under
Permissions policies, select
AdministratorAccess.
-
Choose Create user group to return to the Set
permissions page.
-
Under User groups, select the name of the
EmergencyAccessGroup
you created previously.
-
Choose Next to proceed to the Review and
create page.
-
On the Review and create page, review the list of user
group memberships to be added to the new user. When you are ready to proceed, select
Create user.
-
On the Retrieve password page, select Download
.csv file to save a .csv file with the user credential information
(Connection URL, user name, and password).
-
Save this file to use if you need to sign-in to IAM and do not have access to
your federated identity provider.
The new IAM user is displayed in the Users list. Select the
User name link to view the user details. Under
Summary, copy the ARN of the user to
the clipboard. Paste the ARN into a text document, so that
you can use it in the next procedure.