[cs615asa] Blog | AWS IAM and Cost Explorer CLI Setup

Godwyn James William gwillia3 at stevens.edu
Sun Feb 12 20:43:23 EST 2023 

Dear Professor,

As I was going through AWS IAM and Cost Explorer CLI setup, I noticed that you mentioned that we don't have
access to manipulate IAM via the command-line but I was able to set up an IAM user using aws-cli when I was doing the
Homework 1 to setup ec2 instances.

I did that using the following commands:

# Create an IAM user account and the login credentials
 > aws iam create-user --user-name <user-name>
 > aws iam create-login-profile --user-name <user-name> --password <password> --password-reset-required

The --password-reset-required is used to force the new IAM user to reset the password on the first login

# Create an IAM group
 > aws iam create-group --group-name <group-name>
 > aws iam list-groups

# Add created IAM user to IAM group
 > aws iam add-user-to-group --group-name <group-name> --user-name <user-name>

# See finer details of the group with the users
 > aws iam get-group --group-name <group-name>

# Attach the AdministratorAccess policy to the group created
 > aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AdministratorAccess --group-name <group-name>

You can attach/configure different arn policies to provide the IAM user with only the permissions we/they require.
Also, we can create different groups for different requirements like database admin, developer....etc.

# See all the policies attached to the group
 > aws iam list-attached-group-policies --group-name <group-name>

# Now we create an access key for the IAM user that we have created
> aws iam create-access-key --user-name <user-name>

Copy the secret access key and access id and then save them in  ~/.aws/credentials and we should be good to use the
aws-cli as an IAM user.

I referenced the AWS documentation for most of these cli commands. I've linked it below.
iam — AWS CLI 2.9.23 Command Reference (amazonaws.com)<https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/index.html>


I wanted to share this information and I hope this is useful for anyone trying to create IAM users using the aws-cli.

Best Regards,
Godwyn James William
















-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.stevens.edu/pipermail/cs615asa/attachments/20230213/bd8ecc68/attachment.html>

More information about the cs615asa mailing list