LogoS3Repo

Create New User

A guide to creating a new IAM user for daily administrative and programmatic tasks, and assigning them appropriate permissions.

10 minutes
Beginner

Overview

The AWS root account has unrestricted access to all services and resources. It's a critical security risk to use it for day-to-day operations. Instead, you should create IAM users and grant them the specific permissions they need. This guide will walk you through creating a new IAM user.

Prerequisites

  • An active AWS account
  • Access to the IAM Management Console
  • It is helpful to have a policy ready to attach to the user

Step 1: Access the IAM Console

Navigate to the IAM service in the AWS Management Console.

  1. Sign in to the AWS Management Console with your root or IAM admin user
  2. In the search bar, type "IAM" and select it from the dropdown
  3. In the left-hand navigation pane, click on "Users"

Step 2: Create a New User

Now, you will use the user creation wizard.

  1. Click the "Create user" button

Set User Details

  • User name: Enter a descriptive name for the user, e.g., developer-james or s3-admin-user
  • Check the box for "Provide user access to the AWS Management Console - Optional" if you want the user to be able to sign in to the console.
  • If you check the box, select "I want to create an IAM user"

Set Permissions

This is a crucial step for applying the principle of least privilege.

  • Method: Choose "Attach policies directly"
  • Policies: Search for and select the policies you wish to attach to this user. For example, you could attach a custom policy you created earlier (like the S3 read-only policy) or a managed policy like AmazonS3FullAccess.
  • Best Practice: Attach policies to a group and add the user to that group. This makes management scalable.

Review and Create

  • Review the user name and the permissions you've attached
  • Click "Create user"

Step 3: Set Up Credentials

After creating the user, you have two credential options.

Console Password

If you opted for console access, you will be shown the user's console password. You have the option to set a custom password or have AWS generate a temporary one. You can also choose to force the user to reset their password on first login.

Important: Save the password in a secure place or share it with the user immediately. You won't be able to retrieve it again.

Next Steps

Your new IAM user is now ready to go!

  • Learn how to create access keys for programmatic access (e.g., for the AWS CLI or SDKs)
  • Use the new IAM user for your daily tasks instead of your root account