In the First Part of AWS IAM Service Article we have discussed What is IAM Service and how it is very important, now in this article we will discuss about IAM Users and Groups in detailed with practical example.
As we discussed before, when we create AWS account Root user created by default, but it is not a good practice to use Root Account for regular activities and also it is worst practice to share root access to anyone. instead of share or use root access, we can create one user or Group with only access which are needed to that user.

there are two main approaches to give permission to any user

  • Create a user and give directly permissions to that user.
  • Create a group with needed permissions and add one or multiple users to that group.

Let’s create one Group with AWS Administrative Access and add user to that group.

(1) Login into your AWS Account using Root Account Id Password (using root account because we have not any IAM user with Appropriate Access) and go to the IAM service then go to the user groups then click on the create group, see below screenshot.

Create AWS IAM Groups By Hemang Dave

(2) Set Appropriate Group name, we are using Project_Managers as a group name here.

AWS IAM Service Create Groups By Hemang Dave

(3) Add Users to that Group (it is optional step for now we can add or delete users from the group later also. )

AWS IAM Service By Hemang Dave

(4) Attach Permissions to the group here I am selecting Administrative Permission for example (it is also a optional Step for now we can add or remove any permissions to the group later)

IAM Service By Hemang Dave

(5) once you submit the form , group will be created you can add multiple users and multiple permissions to this group later.

IAM Service By Hemang Dave

Create IAM user and add permission directly to the user

(1) Click on the users then create users button on the IAM Service Dashboard.

How to Create IAM Users

(2) There are 4 Steps to create an IAM user
First step is add User Details like name user type , password etc. just because we are creating an IAM user so don’t forgot to checked the Provide user access to the AWS Management Console option it is totally optional but we are creating the user for access AWS console so we have to checked this option then click on I want to create an IAM user.


Then you can see some password related settings filed will populate , please select fields according to your need and set password. then click on the next button.

Set User Password Aws Iam Polices

(3) second step is Set Permission to the user, well there are 3 method to set permissions to the user

  • Add User to Group.
  • Copy Permissions from the existing users.
  • Attach policy directly.

You can select any options from the above , but AWS recommend the First option , Add user to group and it is the good practice to add user to the group instead of set permission directly to the user.

Add Iam User to the Group
Copy Permissions from the existing user AWS IAM Policies
Attach Policy Directly to the User  IAM Policies AWS

(4) then review your IAM User and click on the Create User Button.

Review IAM User.  AWS

(5) you will get the Login URL , Username and Password on the last screen copy them and try to Login With your First IAM user.

That’s all for this Article , try it out and let me know if you will face any difficulty to Create an IAM user or Group.

Note: Comment Section is always Open for any kind of Correction or Suggestions. Har Har Mahadev.

Categorized in: