[cs615asa] Blog | AWS IAM and Cost Explorer CLI Setup
Godwyn James William
gwillia3 at stevens.edu
Sun Feb 12 20:43:23 EST 2023
Dear Professor,
As I was going through AWS IAM and Cost Explorer CLI setup, I noticed that you mentioned that we don't have
access to manipulate IAM via the command-line but I was able to set up an IAM user using aws-cli when I was doing the
Homework 1 to setup ec2 instances.
I did that using the following commands:
# Create an IAM user account and the login credentials
> aws iam create-user --user-name <user-name>
> aws iam create-login-profile --user-name <user-name> --password <password> --password-reset-required
The --password-reset-required is used to force the new IAM user to reset the password on the first login
# Create an IAM group
> aws iam create-group --group-name <group-name>
> aws iam list-groups
# Add created IAM user to IAM group
> aws iam add-user-to-group --group-name <group-name> --user-name <user-name>
# See finer details of the group with the users
> aws iam get-group --group-name <group-name>
# Attach the AdministratorAccess policy to the group created
> aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AdministratorAccess --group-name <group-name>
You can attach/configure different arn policies to provide the IAM user with only the permissions we/they require.
Also, we can create different groups for different requirements like database admin, developer....etc.
# See all the policies attached to the group
> aws iam list-attached-group-policies --group-name <group-name>
# Now we create an access key for the IAM user that we have created
> aws iam create-access-key --user-name <user-name>
Copy the secret access key and access id and then save them in ~/.aws/credentials and we should be good to use the
aws-cli as an IAM user.
I referenced the AWS documentation for most of these cli commands. I've linked it below.
iam — AWS CLI 2.9.23 Command Reference (amazonaws.com)<https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/index.html>
I wanted to share this information and I hope this is useful for anyone trying to create IAM users using the aws-cli.
Best Regards,
Godwyn James William
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.stevens.edu/pipermail/cs615asa/attachments/20230213/bd8ecc68/attachment.html>
More information about the cs615asa
mailing list