Creating users

Before we introduce this recipe, we need to talk briefly about Identity and Access Management (IAM). IAM is free and is enabled on every account. It lets you create groups and users and control exactly what they can and can't do by assigning policies.

By default, groups and users will have no permissions until you assign them either an AWS Managed Policy or a Customer Managed Policy (one which you manage). You'll want to use AWS Managed Policies as much as possible to avoid having to create and maintain your own.

There's a third kind of policy called an Inline Policy. Use this sparingly. In fact, the only time we typically see it is in CloudFormation templates.

You pretty much never want to assign a policy directly to a user. If you go down this path, you'll create a lot of work for yourself in the future. Instead, you want to apply policies to groups and then assign users to those groups. Fortunately, it's a pretty easy process and we're about to walk you through it.
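One way to check an account against the guidance above, as an added example that is not from the original text: it flags users with directly attached or inline policies, users in no group, and inline policies on groups, and it lists the customer managed policies attached to groups. The input is a constructed sample shaped like the output of `aws iam get-account-authorization-details`; every user, group, and policy name and the account ID are made up.

```python
# Constructed sample shaped like `aws iam get-account-authorization-details`
# output, trimmed to the fields used here. Names and account ID are made up.
AWS_MANAGED = "arn:aws:iam::aws:policy/"
SAMPLE = {
    "UserDetailList": [
        {"UserName": "alice", "GroupList": ["Developers"],
         "AttachedManagedPolicies": [], "UserPolicyList": []},
        {"UserName": "bob", "GroupList": [], "UserPolicyList": [],
         "AttachedManagedPolicies": [{"PolicyName": "AdministratorAccess",
                                      "PolicyArn": AWS_MANAGED + "AdministratorAccess"}]},
        {"UserName": "carol", "GroupList": ["Developers"],
         "AttachedManagedPolicies": [],
         "UserPolicyList": [{"PolicyName": "adhoc-s3"}]},
    ],
    "GroupDetailList": [
        {"GroupName": "Developers", "GroupPolicyList": [],
         "AttachedManagedPolicies": [
             {"PolicyName": "PowerUserAccess",
              "PolicyArn": AWS_MANAGED + "PowerUserAccess"},
             {"PolicyName": "team-custom",
              "PolicyArn": "arn:aws:iam::123456789012:policy/team-custom"}]},
    ],
}

def audit(details):
    """Return (principal, finding) tuples for assignments that bypass groups."""
    findings = []
    for user in details.get("UserDetailList", []):
        name = user["UserName"]
        for pol in user.get("AttachedManagedPolicies", []):
            findings.append((name, "managed policy attached directly: " + pol["PolicyName"]))
        for pol in user.get("UserPolicyList", []):
            findings.append((name, "inline policy: " + pol["PolicyName"]))
        if not user.get("GroupList"):
            findings.append((name, "not a member of any group"))
    for group in details.get("GroupDetailList", []):
        for pol in group.get("GroupPolicyList", []):
            findings.append((group["GroupName"], "inline policy on group: " + pol["PolicyName"]))
    return findings

def customer_managed(details):
    """Names of group-attached policies that you maintain (not AWS managed)."""
    return sorted({p["PolicyName"] for g in details.get("GroupDetailList", [])
                   for p in g.get("AttachedManagedPolicies", [])
                   if not p["PolicyArn"].startswith(AWS_MANAGED)})

if __name__ == "__main__":
    for who, what in audit(SAMPLE):
        print(f"{who}: {what}")
    print("customer managed:", customer_managed(SAMPLE))
```

To run it against a real account, load the JSON produced by that command in place of `SAMPLE`.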

The IAM dashboard provides a URL that your IAM users can use to log in to the web console (if you've assigned them a password and given them access to do so). You can also customize this IAM sign-in link if necessary. Don't forget to give this URL to any IAM users you create so they know where to go to sign in.

It will look something like this until you customize it:

https://<account-id>.signin.aws.amazon.com/console

Now, jump right in. There's no excuse for not using IAM. Start today!
