IT in Education

Creating User accounts

Users include anyone who will access your AWS resources, from Admins to S3 bucket users. This article describes how to create a new user.

Create an admin user

We will create an admin user, so we can stop using the root account. Note that you will need to have created the Administrators and Users groups before you can complete this task.

  1. Go to Services > IAM.
  2. Select Users in the left pane.
  3. Click the Add users button.
  4. Enter a User name (e.g. steven).
  5. Select the AWS Management Console access option.
  6. Enter a Console password, or select the Autogenerated password option.
  7. Click Next: Permissions.
  8. Add the user to the Administrators and Users groups, by selecting them.
  9. Click Next: Tags.
  10. Click Next: Review.
  11. Click Create user.

You can view the autogenerated password by clicking the Show link.

Enable MFA

Now that you've created an IAM user, you will want to enable MFA for this user account, so that you can access AWS resources. Remember that MFA is required for all users to access AWS resources, because of the RequireMFAPolicy that you've applied to the Users group.

  1. Log on as the newly created IAM user.
  2. Go to Services > IAM.
  3. Select Users from the left pane.
  4. Click your user account to open it for editing.
  5. Select the Security Credentials tab.
  6. Click the Manage link next to Assigned MFA device.
    1. Select Virtual MFA device and click Continue.
    2. Click Show QR code.
    3. In your phone app, add the account by scanning the QR code.
    4. Enter two consecutive MFA codes from your app.
    5. Click the Assign MFA button.

To finish this process you must now log out and log in using MFA.

Assume the admin role

If you've created the Role called admin, you will now be able to assume this role.

  1. Log in to AWS console using your IAM user account.
  2. Click your username (top-right) and select Switch Role.
  3. Click the Switch Role button.
  4. Enter your Account ID or alias.
  5. Enter the Role (e.g. admin).
  6. Optionally enter a Display Name (e.g. Administrator).
  7. Choose a Colour.

Programmatic access user accounts

Now you are ready to create a user account to allow programmatic access to your applications (e.g. Nextcloud).

  1. Go to Services > IAM.
  2. Select Users in the left pane.
  3. Click the Add users button.
  4. Enter a User name (e.g. myschool-nextcloud).
  5. For the AWS Credential type choose the Access key, programmatic access option.
  6. Click Next: Permissions.
  7. Click Next: Tags.
  8. Click Next: Review.
  9. Click Create user.

Make a note of the Access key ID and the Secret access key and click Close when you're finished.
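To confirm the outcome of the steps above (root no longer in day-to-day use, MFA on every console user, access keys only on programmatic accounts), you can audit the IAM credential report, a CSV downloadable from IAM > Credential report. The script below is an added example, not part of the original article; the sample rows are constructed, trimmed to the columns the check reads, and the user newteacher is hypothetical.

```python
import csv
import io

# Constructed sample in the IAM credential report CSV format, trimmed to the
# columns this check reads. steven and myschool-nextcloud follow the article's
# examples; newteacher is a hypothetical user who has not enrolled in MFA.
SAMPLE_REPORT = """\
user,password_enabled,mfa_active,access_key_1_active,access_key_2_active
<root_account>,not_supported,false,true,false
steven,true,true,false,false
newteacher,true,false,false,false
myschool-nextcloud,false,false,true,false
"""

ROOT = "<root_account>"  # how the root user appears in the report


def audit_credential_report(report_csv):
    """Return a sorted list of (user, finding) tuples for the report text."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        mfa = row["mfa_active"] == "true"
        console = row["password_enabled"] == "true"
        has_key = any(row.get(f"access_key_{n}_active") == "true" for n in (1, 2))
        if user == ROOT:
            # Root always has a password: it should have MFA and no access keys.
            if not mfa:
                findings.append((user, "root has no MFA device"))
            if has_key:
                findings.append((user, "root has an active access key"))
            continue
        if console and not mfa:
            findings.append((user, "console user without MFA"))
        if console and has_key:
            # Assumption of this example: the article keeps console and
            # programmatic access in separate accounts, so a mix is flagged.
            findings.append((user, "console user also holds an access key"))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in audit_credential_report(SAMPLE_REPORT):
        print(f"{user}: {finding}")
```

A full credential report has more columns than the sample; the script reads columns by name, so it can be pointed at the downloaded file's contents unchanged.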

