Introduction
This guide will walk you through configuring AWS Identity and Access Management (IAM) for a DevOps team.
This setup includes creating a group, assigning policies, creating a user, and setting up login credentials.
Step One: Configuring AWS CLI
First, ensure the AWS Command Line Interface (CLI) is configured. This will allow you to run AWS commands from your terminal.
aws configure
You will be prompted to enter your AWS access key ID, secret access key, default region, and output format. This step authenticates the AWS CLI against your AWS account.
Step Two: Creating an IAM Group
Next, create a group named DevOps. This group will contain all the IAM users who need specific permissions related to DevOps tasks.
aws iam create-group --group-name DevOps
Step Three: Attaching Policies to the Group
Attach necessary policies to the DevOps group. These policies will grant the required permissions to the group's users.
- AmazonS3FullAccess: Grants full access to Amazon S3.
- AmazonEC2ReadOnlyAccess: Grants read-only access to Amazon EC2.
- IAMUserChangePassword: Allows users to change their passwords.
aws iam attach-group-policy --group-name DevOps --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess
aws iam attach-group-policy --group-name DevOps --policy-arn arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess
aws iam attach-group-policy --group-name DevOps --policy-arn arn:aws:iam::aws:policy/IAMUserChangePassword
Step Four: Creating a New IAM User
Create a new IAM user named alexis.chance.
aws iam create-user --user-name alexis.chance
Step Five: Adding the User to the Group
Add the user alexis.chance to the DevOps group.
aws iam add-user-to-group --user-name alexis.chance --group-name DevOps
Step Six: Creating a Login Profile for the User
Finally, create a login profile for the user alexis.chance. This sets a password for console access. The --password-reset-required flag forces the user to change the password at first login.
aws iam create-login-profile --user-name alexis.chance --password Password123! --password-reset-required
Share the console sign-in link, as shown in the screenshot, and the temporary password, Password123!, with Alexis Chance, and ask Alexis to reset her password by following the prompts.
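Steps Two to Six can also be run as one script. The following is an added example, not part of the original guide: it skips creating a group, user, or login profile that already exists, and it generates a random temporary password instead of the fixed Password123!. The names provision_user, gen_temp_password, run, exists, and DRY_RUN are introduced here for illustration.

```shell
#!/bin/sh
# Added example: Steps Two to Six as one re-runnable script.
# DRY_RUN=1 (the default) only prints the aws commands; DRY_RUN=0 runs them.
set -eu

GROUP="DevOps"
POLICIES="AmazonS3FullAccess AmazonEC2ReadOnlyAccess IAMUserChangePassword"

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then echo "aws $*"; else aws "$@"; fi
}

# True if the read-only lookup succeeds. Always false in dry-run mode,
# so that every create command is shown.
exists() {
    [ "${DRY_RUN:-1}" != "1" ] && aws "$@" >/dev/null 2>&1
}

# 128 random bits as hex. The fixed affixes supply the upper-case letter,
# digit and symbol that an account password policy may require.
gen_temp_password() {
    printf 'Tmp1-%s!' "$(od -An -tx1 -N16 /dev/urandom | tr -d ' \n')"
}

provision_user() {
    user="$1"
    exists iam get-group --group-name "$GROUP" ||
        run iam create-group --group-name "$GROUP"
    for p in $POLICIES; do
        run iam attach-group-policy --group-name "$GROUP" \
            --policy-arn "arn:aws:iam::aws:policy/$p"
    done
    exists iam get-user --user-name "$user" ||
        run iam create-user --user-name "$user"
    run iam add-user-to-group --user-name "$user" --group-name "$GROUP"
    if exists iam get-login-profile --user-name "$user"; then
        echo "login profile for $user already exists; password unchanged" >&2
        return 0
    fi
    pw="$(gen_temp_password)"
    run iam create-login-profile --user-name "$user" \
        --password "$pw" --password-reset-required
    echo "temporary password for $user: $pw" >&2
}

# Runs only when a user name is given, e.g.:
#   DRY_RUN=0 sh provision.sh alexis.chance
[ "$#" -eq 0 ] || provision_user "$1"
```

With no DRY_RUN set, the script prints the commands it would run, which lets you review them before applying the change with DRY_RUN=0.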
In Conclusion
You have successfully configured IAM for a DevOps team by following these steps. You created a group with specific permissions, added a user, and set up login credentials. This setup ensures that your DevOps team has the necessary access to perform their tasks efficiently and securely. Happy Learning, and God bless you!