Table Of Contents

Feedback

User Guide

First time using the AWS CLI? See the User Guide for help getting started.

[ aws . iam ]

create-user

Description

Creates a new IAM user for your AWS account.

For information about limitations on the number of IAM users you can create, see Limitations on IAM Entities in the IAM User Guide .

See also: AWS API Documentation

Synopsis

  create-user
[--path <value>]
--user-name <value>
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]

Options

--path (string)

The path for the user name. For more information about paths, see IAM Identifiers in the IAM User Guide .

This parameter is optional. If it is not included, it defaults to a slash (/).

This paramater allows (per its regex pattern ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (u0021) thru the DEL character (u007F), including most punctuation characters, digits, and upper and lowercased letters.

--user-name (string)

The name of the user to create.

This parameter allows (per its regex pattern ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-. User names are not distinguished by case. For example, you cannot create users named both "TESTUSER" and "testuser".

--cli-input-json (string) Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

Examples

To create an IAM user

The following create-user command creates an IAM user named Bob in the current account:

aws iam create-user --user-name Bob

Output:

{
    "User": {
        "UserName": "Bob",
        "Path": "/",
        "CreateDate": "2013-06-08T03:20:41.270Z",
        "UserId": "AKIAIOSFODNN7EXAMPLE",
        "Arn": "arn:aws:iam::123456789012:user/Bob"
    }
}

For more information, see Adding a New User to Your AWS Account in the Using IAM guide.

Output

User -> (structure)

A structure with details about the new IAM user.

Path -> (string)

The path to the user. For more information about paths, see IAM Identifiers in the Using IAM guide.

UserName -> (string)

The friendly name identifying the user.

UserId -> (string)

The stable and unique string identifying the user. For more information about IDs, see IAM Identifiers in the Using IAM guide.

Arn -> (string)

The Amazon Resource Name (ARN) that identifies the user. For more information about ARNs and how to use ARNs in policies, see IAM Identifiers in the Using IAM guide.

CreateDate -> (timestamp)

The date and time, in ISO 8601 date-time format , when the user was created.

PasswordLastUsed -> (timestamp)

The date and time, in ISO 8601 date-time format , when the user's password was last used to sign in to an AWS website. For a list of AWS websites that capture a user's last sign-in time, see the Credential Reports topic in the Using IAM guide. If a password is used more than once in a five-minute span, only the first use is returned in this field. If the field is null (no value) then it indicates that they never signed in with a password. This can be because:

  • The user never had a password.
  • A password exists but has not been used since IAM started tracking this information on October 20th, 2014.

A null does not mean that the user never had a password. Also, if the user does not currently have a password, but had one in the past, then this field contains the date and time the most recent password was used.

This value is returned only in the get-user and list-users actions.