Create your first IAM user - Amazon Identity and Access Management
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Create your first IAM user

An IAM user is an identity within your Amazon Web Services account that has specific permissions for a single person or application. Users can be organized into groups that share the same permissions.

Note

As a security best practice, we recommend that you provide access to your resources through identity federation instead of creating IAM users. For information about specific situations where an IAM user is required, see When to create an IAM user (instead of a role).

To familiarize you with the process of creating an IAM user, this tutorial steps you through creating an IAM user and group for emergency access.

IAM console

To create your first IAM user

  1. Follow the sign-in procedure appropriate to your user type as described in the topic How to sign in to Amazon in the Amazon Sign-In User Guide.

  2. On the Console Home page, select the IAM service.

  3. In the navigation pane, select Users and then select Add users.

    Note

    If you have IAM Identity Center enabled, the Amazon Web Services Management Console displays a reminder that it is best to manage users' access in IAM Identity Center. In this tutorial, the IAM user you create is specifically for use only when your IAM Identity Center user credentials are unavailable.

  4. For User name, enter EmergencyAccess. Names cannot contain spaces.

  5. Choose the checkbox next to Provide user access to the Amazon Web Services Management Console - optional and then choose I want to create an IAM user.

  6. Under Console password, select Autogenerated password.

  7. Clear the checkbox next to User must create a new password at next sign-in (recommended). Because this IAM user is for emergency access, a trusted administrator retains the password and only provides it when needed.

  8. On the Set permissions page, under Permissions options, select Add user to group. Then, under User groups, select Create group.

  9. On the Create user group page, in User group name, enter EmergencyAccessGroup. Then, under Permissions policies, select AdministratorAccess.

  10. Choose Create user group to return to the Set permissions page.

  11. Under User groups, select the name of the EmergencyAccessGroup you created previously.

  12. Choose Next to proceed to the Review and create page.

  13. On the Review and create page, review the list of user group memberships to be added to the new user. When you are ready to proceed, select Create user.

  14. On the Retrieve password page, select Download .csv file to save a .csv file with the user credential information (Connection URL, user name, and password).

  15. Save this file to use if you need to sign in to IAM and do not have access to your federated identity provider.

The new IAM user is displayed in the Users list. Select the User name link to view the user details. Under Summary, copy the ARN of the user to the clipboard. Paste the ARN into a text document, so that you can use it in the next procedure.
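
One way to check later that the EmergencyAccess user is still in the state this procedure leaves it in, as an added example that is not part of the Amazon Web Services documentation: the script reads an IAM credential report CSV and flags a disabled console password, any active access key (the procedure creates none), and any recorded console sign-in. The report rows, the account ID 111122223333 and the second user name are constructed for illustration, and only a subset of the report's columns is shown.

```python
import csv
import io

# Constructed sample: a subset of the columns of an IAM credential report.
# The account ID and the user EmergencyAccess2 are made up for this example.
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,access_key_1_active,access_key_2_active
EmergencyAccess,arn:aws-cn:iam::111122223333:user/EmergencyAccess,true,no_information,false,false
EmergencyAccess2,arn:aws-cn:iam::111122223333:user/EmergencyAccess2,true,2024-05-02T09:14:07+00:00,true,false
"""

# Values the credential report uses when no console sign-in is on record.
NEVER_USED = {"no_information", "N/A"}


def audit_emergency_user(report_csv, user_name="EmergencyAccess"):
    """Return findings for the emergency user; an empty list means no deviation."""
    rows = {r["user"]: r for r in csv.DictReader(io.StringIO(report_csv))}
    row = rows.get(user_name)
    if row is None:
        return [f"{user_name}: not present in the credential report"]

    findings = []
    # The tutorial gives the user a console password and nothing else.
    if row["password_enabled"] != "true":
        findings.append(f"{user_name}: console password is not enabled")
    for column in ("access_key_1_active", "access_key_2_active"):
        if row.get(column) == "true":
            findings.append(f"{user_name}: {column} is true, but no access key was created")
    # The password is held by a trusted administrator and handed out only when
    # needed, so every recorded sign-in should map to a known emergency.
    last_used = row["password_last_used"]
    if last_used not in NEVER_USED:
        findings.append(f"{user_name}: console sign-in at {last_used}, confirm it was an emergency")
    return findings


if __name__ == "__main__":
    for name in ("EmergencyAccess", "EmergencyAccess2"):
        for finding in audit_emergency_user(SAMPLE_REPORT, name) or [f"{name}: OK"]:
            print(finding)
```

To run it against a real account, replace SAMPLE_REPORT with the contents of the credential report downloaded from the IAM console.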