
AWS CLI Basics – Part 3

This is the third post in our series of AWS CLI fundamentals and today we’ll learn a few basics about IAM Users, Groups, and permission management.

By Jawad Hasan Shani · Nov. 25, 21 · Cloud Zone · Tutorial

Introduction

In previous posts on this topic, we learned how to install, configure and use the AWS CLI. We also learned how to create a static S3-based website using the AWS CLI. Today we'll learn a few basics about IAM Users, Groups, and permission management.

Creating IAM Users is a very common task, but managing each individual user's permissions is tedious. That's where a user group can simplify things a lot.

In a nutshell, we can create user group(s) and configure permissions for each group. Then we can add many users to a group, and all users in the group will have those permissions.

We can create many groups, e.g. admins, devs, operators, managers, etc. Let's start by first creating an IAM User using the CLI.

Creating an IAM User

The following create-user command will create a user ‘dev3’:

 
aws iam create-user --user-name dev3


Here is the output of that command:

Screenshot - 1

If you later want to see that user's information again, you can use the get-user command:

 
aws iam get-user --user-name dev3


And here is the output of command execution:

Screenshot - 2

Create Access Key for User

After creating an IAM user, we need an access key to give them access; otherwise, the user won't be able to perform any actions. Let's check the access keys for user dev3 by executing the list-access-keys command as shown below:

 
aws iam list-access-keys --user-name dev3


And here is the output of this command execution:

Screenshot - 3

As we can see, there is no information about access keys for this user (makes sense, as we just created this user and nothing more is set up).

OK, let's create an access key for this user using the create-access-key command:

 
aws iam create-access-key --user-name dev3


And here is the output of this command:

Screenshot - 4

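Now if we use the list-access-keys command again, it will show us the access key.

Make a note of this access key and pass it on to the corresponding user. The secret access key appears only in this create-access-key output and cannot be retrieved again later, so hand it over through a secure channel.

With the IAM User set up, let's create a Group.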

Create a Group and Configure Permissions

Similar to the above command, the following is the syntax to create a Group (devs):

 
aws iam create-group --group-name devs


Next, to define group permissions, we can either create our own JSON-formatted policy document and attach it to this group, or use a pre-built Amazon policy that serves our purpose.

One such policy, AmazonEC2FullAccess, is suitable if you want to give the group administrative permissions on EC2 resources. We'll need the ARN of that policy for this purpose.

Here is a helper command that uses some bash magic to filter the AWS policies for the words AmazonEC2 and Access:

 
aws iam list-policies | grep AmazonEC2 | grep Access


Here is the output of this command:

Screenshot - 5

Note the ARN of this policy; we will use it in the next command when attaching the policy to the group.

Let’s attach this policy to the group by executing the following command:

 
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess --group-name devs


The output of the command:

Screenshot - 6

Now the devs group has this policy attached.
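
The custom JSON policy route mentioned above, shown as an added example (not part of the original article): an inline group policy narrower than AmazonEC2FullAccess. The policy name devs-ec2-limited, the selected actions and the team=devs tag condition are assumptions for illustration.

```sh
#!/bin/sh
# Added example: a scoped-down inline policy for the devs group.
# Assumed names (not from the article): devs-ec2-limited, tag team=devs.
set -eu

GROUP="devs"
POLICY_NAME="devs-ec2-limited"   # hypothetical policy name
FULL_ACCESS_ARN="arn:aws:iam::aws:policy/AmazonEC2FullAccess"

# Print the policy document: read-only Describe calls on everything, but
# start/stop/reboot only on instances tagged team=devs.
build_policy() {
  cat <<'JSON'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DescribeOnly",
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Sid": "OperateTaggedInstances",
      "Effect": "Allow",
      "Action": ["ec2:StartInstances", "ec2:StopInstances", "ec2:RebootInstances"],
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {"StringEquals": {"aws:ResourceTag/team": "devs"}}
    }
  ]
}
JSON
}

# Put the inline policy on the group, then detach the broad managed policy
# so the narrow one is what actually bounds the group, and read it back.
apply_policy() {
  doc="$(mktemp)"
  build_policy > "$doc"
  aws iam put-group-policy --group-name "$GROUP" \
    --policy-name "$POLICY_NAME" --policy-document "file://$doc"
  aws iam detach-group-policy --group-name "$GROUP" --policy-arn "$FULL_ACCESS_ARN"
  aws iam get-group-policy --group-name "$GROUP" --policy-name "$POLICY_NAME"
  rm -f "$doc"
}

# Only touch AWS when explicitly asked: sh script.sh apply
if [ "${1:-}" = "apply" ]; then apply_policy; fi
```

Run without arguments, the script only defines its functions; `build_policy` can be piped to a JSON validator before anything is applied.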

Add User to Group

We now have a user dev3 and a group devs with permissions set up, so it's time to add this user to the group.

Here is the command which will add user dev3 to group devs:

 
aws iam add-user-to-group --group-name devs --user-name dev3


Now, if we want, we can check in the AWS web console that our group and user are set up properly:

IAM Group:

Screenshot - 7

IAM User:


Screenshot - 8


Summary

In this post, we learned how to create a user and a group, and how to attach an access policy to the group. We also learned how to create an access key for the user and how to add a user to a group. We did all these operations using the AWS CLI.

Let me know if you have any questions or comments. Till next time, happy coding.


Published at DZone with permission of Jawad Hasan Shani. See the original article here.
