|« PreviousNext »|
|Did this page help you? Yes | No | Tell us about it...|
This topic shows you how to give access to your AWS resources by creating users under your AWS account. First, you'll learn concepts you should understand before you create groups and users, and then you'll walk through how to perform the necessary tasks using the AWS Management Console. The first task is to set up an administrators group for your AWS account. Having an administrators group for your AWS account isn't required, but we strongly recommend it.
The following figure shows a simple example of an AWS account with three groups. A group is a collection of users who have similar responsibilities. In this example, one group is for administrators (it's called Admins). There's also a Developers group and a Test group. Each group has multiple users. Each user can be in more than one group, although the figure doesn't illustrate that. You can't put groups inside other groups. You use policies to grant permissions to groups.
In the procedure that follows, you will perform the following tasks:
Create an Admins group
Create the policy controlling permissions for the group
Create or add the users who will be in the Admins group
Create access keys for users who need them
Create passwords for users who need them
You will grant the Admins group permission to access all your available AWS account resources. Available resources are any AWS products you use, or that you are signed up for. Users cannot access your AWS account information, including the following:
Account profile information
Billing and metering information
You should create a user for yourself and add it to your Admins group. Then, after you establish the Admins group and yourself as a user in the group, all interaction with your AWS account should be at the user level, not at the AWS account level. Limiting the use of your AWS account credentials will help ensure that when you want to rotate credentials for a user or for the AWS account, potential impact is limited. For more information about the credentials and the security benefits of rotating credentials, go to Administering Access Keys for IAM Users in Using IAM.