Creating a new user in IAM

In this section, we will create and configure accounts for different individuals who need access to AWS. For now, we will keep things simple and only create an account for ourselves, as follows:

  1. Navigate to the Identity and Access Management menu in the AWS console (https://console.aws.amazon.com/iam/).
  2. Choose Users from the navigation pane.
  3. Create a new user (for you), and make sure to keep the Generate an access key for each user checkbox checked.
  4. On the next screen, click on Download Credentials and then close.
  5. Back in the Users menu, click on your user to access the Details page.
  6. In the Permissions tab, click on Attach Policy.
  7. Select the checkbox next to AdministratorAccess. Then, click on Attach Policy. You will end up with a screen looking like this:

The last thing we need to do is add a password and turn on MFA for this account, as follows:

  1. Navigate to the Security Credentials tab.
  2. Click on Manage Password and follow the instructions.
  3. Once you're done adding a password, click on Manage MFA Device.
  4. Select A Virtual MFA Device and follow the remaining instructions in order to turn on MFA on your newly created account.

At this point, you are ready to start using the newly created user account. The important thing to note is that signing in with an IAM user account is different from signing in with the root account. The main difference is that you sign in using a different URL:

  1. Navigate to https://console.aws.amazon.com/iam/home#home or click on Dashboard in the Identity and Access Management menu.
  2. You will see your unique sign-in URL under IAM users sign-in link. Feel free to customize the link as well. Save this new URL in your bookmarks, and from now on, use this link to sign in to the AWS console.
  3. Sign out from the root account.
  4. Sign back in, but this time, using your IAM user account (https://AWS-account-ID-or-alias.signin.aws.amazon.com/console).
Do not share your access key and secret key
By going through those steps, we enforced the use of MFA to access the AWS console with our IAM user. We now need two factors (the password and the MFA token) to access the console. That said, we also created an access key, which is far less secure. Anyone in possession of the secret key and access key (both present in the credentials.csv file) will have full administrative access to the AWS account. Make sure never to share these credentials online. In Chapter 8, Hardening the Security of Your AWS Environment, we will make a few changes to protect this key better and require the use of MFA to gain administrator privileges.

The next step in configuring our account is to configure our computers to interact with AWS using the command-line interface.
