Menu
AWS Cloud9
User Guide

Team Setup for AWS Cloud9

To set up to use AWS Cloud9, follow one of these sets of procedures, depending on how you plan to use AWS Cloud9.

Usage pattern Follow these procedures

I will always be the only one using my own AWS account, and I don't need to share my AWS Cloud9 development environments with anyone else.

Express Setup

Multiple people will be using a single AWS account to create and share environments within that account.

This topic

Multiple people will be using a single AWS account, and I need to restrict creating environments within that account to control costs.

Advanced Setup for Teams

To set up for multiple people to use AWS Cloud9 in a single AWS account, start with one of the following steps, depending on which AWS resources you already have.

Do you have an AWS account? Do you have an IAM group and user in that account? Start with this step

No (or Not Sure)

--

Step 1: Create an AWS Account

Yes

No (or Not Sure)

Step 2: Create an IAM Group and User, and Add the User to the Group

Yes

Yes

Step 3: Add AWS Cloud9 Access Permissions to the Group

Step 1: Create an AWS Account

Your organization may already have an AWS account set up for you. If your organization has an AWS account administrator, check with that person before starting the following procedure. If you already have an AWS account, skip ahead to Step 2: Create an IAM Group and User, and Add the User to the Group.

To watch a 4-minute video related to the following procedure, see Creating an Amazon Web Services Account on the YouTube website.

To create an AWS account

  1. Go to https://aws.amazon.com.

  2. Choose Sign In to the Console.

  3. Choose Create a new AWS account.

  4. Complete the process by following the on-screen directions. This includes giving AWS your email address and credit card information. You must also use your phone to enter a code that AWS gives you.

After you finish creating the account, AWS will send you a confirmation email. Do not go past this step until you get this confirmation.

Step 2: Create an IAM Group and User, and Add the User to the Group

We do not recommend using your AWS account root user to access AWS Cloud9. Instead, we recommend you use AWS Identity and Access Management (IAM) to control access to your AWS account. IAM offers features such as granular permissions and multi-factor authentication. And IAM is a feature of your AWS account offered at no additional charge. For more information, see IAM Features in the IAM User Guide.

In this step, you will create a group and a user in AWS Identity and Access Management (IAM), add the user to the group, and then use the user to access AWS Cloud9. This is an AWS security best practice. For more information, see IAM Best Practices in the IAM User Guide.

If you already have an IAM group and user, skip ahead to Step 3: Add AWS Cloud9 Access Permissions to the Group.

Note

Your organization may already have an IAM group and user set up for you. If your organization has an AWS account administrator, check with that person before starting the following procedures.

To watch a 9-minute video related to the following procedures, see How do I set up an IAM user and sign in to the AWS Management Console using IAM credentials on the YouTube website.

Step 2.1: Create an IAM Group

  1. Sign in to the AWS Management Console, if you are not already signed in.

    We recommend you sign in using credentials for an IAM administrator user in your AWS account. An IAM administrator user has similar AWS access permissions to an AWS account root user and avoids some of the associated security risks. If you cannot sign in as an IAM administrator user, check with your AWS account administrator. For more information, see the following in the IAM User Guide:

  2. Open the IAM console. To do this, in the console's navigation bar, choose Services. Then choose IAM.

  3. In the IAM console's navigation pane, choose Groups.

  4. Choose Create New Group.

  5. On the Set Group Name page, for Group Name, type a name for the new group.

  6. Choose Next Step.

  7. On the Attach Policy page, choose Next Step without attaching any policies. (You will attach a policy in Step 3: Add AWS Cloud9 Access Permissions to the Group.)

  8. Choose Create Group.

    Note

    We recommend that you create a separate AWS Cloud9 users group and AWS Cloud9 administrators group. This AWS security best practice can help you better control, track, and troubleshoot issues with AWS resource access.

Step 2.2: Create an IAM User, and Add the User to the Group

  1. With the IAM console open from the previous procedure, in the navigation pane, choose Users.

  2. Choose Add user.

  3. On the Details page, for User name, type a name for the new user.

    Note

    You can create multiple users at the same time by choosing Add another user. The other settings in this procedure apply to each of these new users.

  4. Select Programmatic access and AWS Management Console access. This allows the new user to use the AWS API, AWS CLI, AWS SDKs, other AWS development tools, and AWS service consoles.

  5. Leave the default choice of Autogenerated password, which creates a random password for the new user to sign in to the console. Or choose Custom password and type a specific password for the new user.

  6. Leave the default choice of Require password reset, which allows the new user to change their password after they sign in to the console for the first time.

  7. Choose Next: Permissions.

  8. On the Permissions page, leave the default choice of Add users to group.

  9. In the list of groups, select the box (not the name) next to the group you want to add the user to.

  10. Choose Next: Review. (You will set permissions in Step 3: Add AWS Cloud9 Access Permissions to the Group.)

  11. On the Review page, choose Create user (or Create users for multiple users).

  12. On the Complete page, do one of the following:

    • Next to each new user, choose Send email, and follow the on-screen directions to email the new user their console sign in URL and user name. Then communicate to each new user their console sign in password, AWS access key ID, and AWS secret access key separately.

    • Choose Download .csv. Then communicate to each new user their console sign in URL, console sign in password, AWS access key ID, and AWS secret access key that is in the downloaded file.

    • Next to each new user, choose Show for both Secret access key and Password. Then communicate to each new user their console sign in URL, console sign in password, AWS access key ID, and AWS secret access key.

    Note

    If you do not choose Download .csv, this is the only time you can view the new user's AWS secret access key and console sign in password. To generate a new AWS secret access key or console sign in password for the new user, see the following in the IAM User Guide:

Step 3: Add AWS Cloud9 Access Permissions to the Group

By default, most IAM groups and users do not have access to AWS Cloud9. (An exception is IAM groups and IAM administrator users, which have access to all AWS services in their AWS account by default.) In this step, you use the IAM console to add AWS Cloud9 access permissions directly to an IAM group to which one or more users belong, so that you can ensure those users can access AWS Cloud9.

If you already have an IAM user you want to use, and that user belongs to an IAM administrator group, skip ahead to Step 4: Sign in to the AWS Cloud9 Console.

Note

Your organization may already have a group set up for you with the appropriate access permissions. If your organization has an AWS account administrator, check with that person before starting the following procedure.

  1. Sign in to the AWS Management Console, if you are not already signed in.

    For this step, we recommend you sign in using credentials for an IAM administrator user in your AWS account. If you cannot do this, check with your AWS account administrator.

  2. Open the IAM console. To do this, in the console's navigation bar, choose Services. Then choose IAM.

  3. Choose Groups.

  4. Choose the group's name.

  5. Decide whether you want to add AWS Cloud9 user or AWS Cloud9 administrator access permissions to the group. These permissions will apply to each user in the group.

    AWS Cloud9 user access permissions allow each user in the group to do the following things within their AWS account:

    • Create their own AWS Cloud9 development environments.

    • Get information about their own environments.

    • Change the settings for their own environments.

    AWS Cloud9 administrator access permissions allow each user in the group to do additional things within their AWS account, such as:

    • Create environments for themselves or others.

    • Get information about environments for themselves or others.

    • Delete environments for themselves or others.

    • Change the settings of environments for themselves or others.

    Note

    We recommend that you add only a limited number of users to the AWS Cloud9 administrators group. This AWS security best practice can help you better control, track, and troubleshoot issues with AWS resource access.

  6. On the Permissions tab, for Managed Policies, choose Attach Policy.

  7. In the list of policy names, choose the box next to AWSCloud9User for AWS Cloud9 user access permissions or AWSCloud9Administrator for AWS Cloud9 administrator access permissions. (If you don't see either of these policy names in the list, type the policy name in the Filter box to display it.)

  8. Choose Attach Policy.

To see the list of access permissions that these AWS managed policies give to a group, see AWS Managed (Predefined) Policies.

Step 4: Sign in to the AWS Cloud9 Console

After you complete the previous steps in this topic, you are ready to sign in to the AWS Cloud9 console and start using it.

  1. If you are already signed in to the AWS Management Console as an AWS account root user, sign out of the console.

  2. Go to https://console.aws.amazon.com/cloud9/.

  3. If prompted, type the AWS account number for the IAM user you created or identified earlier, and then choose Next.

    Note

    If you do not see an option for typing the AWS account number, choose Sign in to a different account. Type the AWS account number on the next page, and then choose Next.

  4. If prompted, type the user name and password of the IAM user you created or identified earlier, and then choose Sign In.

  5. If prompted, follow the on-screen directions to change your user's initial sign-in password. Save your new sign-in password in a secure location.

You have now successfully signed in, and the AWS Cloud9 console is displayed. You can begin experimenting with AWS Cloud9 by following the steps in the Tutorial.