Create IAM Users - AWS Application Discovery Service

Create IAM Users

When you create an AWS account, you get a single sign-in identity that has complete access to all of the AWS services and resources in the account. This identity is called the AWS account root user. Signing in to the AWS Management Console using the email address and password that you used to create the account gives you complete access to all of the AWS resources in your account.

We strongly recommend that you not use the root user for everyday tasks, even the administrative ones. Instead, follow the security best practice Create Individual IAM Users and create an AWS Identity and Access Management (IAM) administrator user. Then securely lock away the root user credentials and use them to perform only a few account and service management tasks.

In addition to creating an administrative user, you'll also need to create non-administrative IAM users. The following topics explain how to create both types of IAM users.

Creating an IAM Administrative User

By default, an administrator account inherits all of the policies required for accessing Application Discovery Service.

To create an administrator user

Creating an IAM Non-Administrative User

When creating non-administrative IAM users, follow the security best practice Grant Least Privilege and grant users only the minimum permissions they need.

Use IAM managed policies to define the level of access to Application Discovery Service by non-administrative IAM users. For information about Application Discovery Service managed policies, see AWS managed policies for AWS Application Discovery Service.

To create a non-administrator IAM user
  1. In the AWS Management Console, navigate to the IAM console.

  2. Create a non-administrator IAM user by following the instructions for creating a user with the console as described in Creating an IAM user in your AWS account in the IAM User Guide.

    While following the instructions in the IAM User Guide:

    • When on the step about selecting the type of access, select Programmatic access. Select AWS Management Console access as well only if you plan to use the same IAM user credentials to access the AWS console; this is not recommended.

    • When on the step for the Set permissions page, choose Attach existing policies to user directly. Then select a managed IAM policy for Application Discovery Service from the list of policies. For information about Application Discovery Service managed policies, see AWS managed policies for AWS Application Discovery Service.

    • When on the step about viewing the user's access keys (access key IDs and secret access keys), follow the guidance in the Important note about saving the user's new access key ID and secret access key in a safe and secure place.
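
The console steps above have a direct AWS CLI equivalent. The script below is an added example, not part of the original AWS documentation: the helper name create_ads_user, the two-entry policy allowlist and the key file path are assumptions made for illustration, and it expects the AWS CLI to be configured with IAM administrator (not root) credentials.

```shell
#!/usr/bin/env bash
# Added example: AWS CLI equivalent of the console steps above.
# Assumption: the AWS CLI is configured with IAM administrator (not root) credentials.

# AWS managed policies this helper will attach (assumed allowlist for this example).
# Anything else, including AdministratorAccess, is refused.
ADS_POLICIES="AWSApplicationDiscoveryAgentAccess AWSApplicationDiscoveryServiceFullAccess"

# create_ads_user USER POLICY KEYFILE  (hypothetical helper, not an AWS command)
create_ads_user() {
    local user="$1" policy="$2" keyfile="$3" p ok=0
    if [ -z "$user" ] || [ -z "$policy" ] || [ -z "$keyfile" ]; then
        echo "usage: create_ads_user USER POLICY KEYFILE" >&2
        return 2
    fi
    for p in $ADS_POLICIES; do
        if [ "$p" = "$policy" ]; then ok=1; fi
    done
    if [ "$ok" -ne 1 ]; then
        echo "refusing '$policy': not an allowed Application Discovery Service policy" >&2
        return 3
    fi
    if [ -e "$keyfile" ]; then
        echo "refusing to overwrite existing file $keyfile" >&2
        return 4
    fi

    # Programmatic access only: no create-login-profile call, so no console password.
    aws iam create-user --user-name "$user" >/dev/null || return 1

    # Attach the managed policy directly to the user.
    aws iam attach-user-policy --user-name "$user" \
        --policy-arn "arn:aws:iam::aws:policy/$policy" || return 1

    # The secret access key is returned only once. Write it to an owner-only
    # file (umask 077 gives mode 0600) instead of the terminal or shell history.
    ( umask 077
      aws iam create-access-key --user-name "$user" --output json >"$keyfile" ) || {
        rm -f "$keyfile"
        return 1
    }
    echo "access key for $user written to $keyfile" >&2
}

# Run directly: ./create_ads_user.sh ads-agent AWSApplicationDiscoveryAgentAccess ./ads-agent-key.json
if [ "$#" -gt 0 ]; then create_ads_user "$@"; fi
```

Move the resulting key file into a secrets manager or the host's credential store and delete the local copy once the agent or tool that needs it is configured.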