Hands-On: Creating An IAM Group

Learn to create an IAM group and how it enhances security. Learn about permissions on AWS.

Now, let’s create an IAM group (and an IAM user in the next lesson) to use during this course.

Why create another user?

We might ask ourselves why we need to create another user on AWS. The reason is simple: security. So far, we’ve done all actions within AWS with the AWS root user. Similar to root on Linux machines, this user is essentially allowed to do anything within our AWS account (including running a lot of stuff that can get expensive quickly).

The best practice is not to use this user for day-to-day operations, but rather to create specialized users with restricted access. This is what this lesson is about.

> Note: If you haven’t protected your root user with two-factor authentication (2FA), now is a good time to do it. Please check the appendix.

Create a new IAM group and user

  1. Log in as the root user. Go to https://console.aws.amazon.com/.
  2. Type “IAM” into the search bar to go to the IAM console. Click the first entry of the results (IAM) under the “Services” section.
  3. Check that your IAM dashboard looks like the screenshot—you should have 2FA enabled. If this is the case, the IAM dashboard shows two green checkmarks regarding the root user. If it looks different for you, check the appendix regarding enabling 2FA. If you did not start from a fresh account, it might show more users or groups.
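The dashboard check in step 3 can also be done through the IAM API. The Python code below is an added example, not part of the original lesson. It assumes the two checkmarks correspond to the `AccountMFAEnabled` and `AccountAccessKeysPresent` fields of the IAM `GetAccountSummary` response; the function names and sample dictionaries are constructed for illustration.

```python
"""Added example: evaluate the root-user items of an IAM account summary."""


def root_user_findings(summary_map):
    """Return a list of problems with the root user.

    summary_map is the "SummaryMap" dict from IAM GetAccountSummary.
    A missing key counts as a failure, so a partial response never passes.
    """
    findings = []
    if summary_map.get("AccountMFAEnabled") != 1:
        findings.append("root user has no MFA device enabled")
    if summary_map.get("AccountAccessKeysPresent") != 0:
        findings.append("root user access keys present or not reported")
    return findings


def existing_principals(summary_map):
    """Users and groups already in the account (0 and 0 on a fresh account)."""
    return {"users": summary_map.get("Users", 0),
            "groups": summary_map.get("Groups", 0)}


def fetch_summary_map():
    """Live lookup; needs boto3 and credentials allowed to call iam:GetAccountSummary."""
    import boto3  # imported here so the offline samples run without it
    return boto3.client("iam").get_account_summary()["SummaryMap"]


# Constructed sample responses (not taken from a real account).
FRESH_WITH_2FA = {"AccountMFAEnabled": 1, "AccountAccessKeysPresent": 0,
                  "Users": 0, "Groups": 0}
UNPROTECTED = {"AccountMFAEnabled": 0, "AccountAccessKeysPresent": 1,
               "Users": 3, "Groups": 1}

if __name__ == "__main__":
    import sys
    summary = fetch_summary_map() if "--live" in sys.argv else UNPROTECTED
    problems = root_user_findings(summary)
    for problem in problems:
        print("FAIL:", problem)
    print("existing:", existing_principals(summary))
    sys.exit(1 if problems else 0)
```

Run without arguments it evaluates the constructed unprotected sample; with `--live` it queries the account the current credentials belong to.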
