AWS Elemental MediaLive
User Guide

Creating a Non-Administrator IAM User

This section shows how to create non-administrator IAM users and grant those users the following permissions:

  • Full read/write access to the following AWS services and features:

    • AWS Elemental MediaLive

    • AWS Elemental MediaConnect

    • AWS Elemental MediaPackage

    • Amazon CloudWatch

    • Amazon CloudWatch Events

    • Amazon CloudWatch Logs

    • Amazon EC2

    • AWS Systems Manager

    • AWS Resource Groups

    • Amazon SNS

    • Amazon VPC

  • Limited access to AWS IAM. Users of AWS Elemental MediaLive need some access to IAM in order to use the MediaLive console to set up MediaLive as a trusted entity. This setup is always required when using MediaLive. For more information, see Setting up AWS Elemental MediaLive as a Trusted Service.

Warning

These permissions are broad. You should set up only a few users with these permissions and only for the pre-production period of using MediaLive. For information about setting up users for standard production use, see Setting Up: IAM Permissions for AWS Elemental MediaLive for a Production Environment.

To set up an IAM user, you follow three main steps:

  1. Create customer managed policies.

  2. Create a group and attach the policies to the group.

  3. Create users and add the users to the group.

Policies grant permissions. Policies are attached to a group. Users belong to a group. Therefore, the users have the permissions of the policies that are attached to the group.

The following diagram shows this relationship.
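
The policy, group, and user relationship described above can be audited after setup. The following is an added example, not part of the AWS documentation: it resolves each user's effective managed policies from data in the shape of `aws iam get-account-authorization-details` output, then flags users who hold the broad policies directly or in greater numbers than intended. The sample data, the policy and group names, and the `max_users` limit are constructed assumptions.

```python
import json

# Constructed sample in the shape of `aws iam get-account-authorization-details`
# output, trimmed to the fields used here. All names are hypothetical.
SAMPLE = json.loads("""
{"GroupDetailList": [
   {"GroupName": "MediaLivePreProd", "AttachedManagedPolicies": [
      {"PolicyName": "MediaLiveBroadAccess"}, {"PolicyName": "MediaLiveLimitedIam"}]},
   {"GroupName": "OpsReadOnly", "AttachedManagedPolicies": [
      {"PolicyName": "OpsViewOnly"}]}],
 "UserDetailList": [
   {"UserName": "alice", "GroupList": ["MediaLivePreProd"], "AttachedManagedPolicies": []},
   {"UserName": "bob", "GroupList": ["OpsReadOnly"], "AttachedManagedPolicies": []},
   {"UserName": "carol", "GroupList": ["OpsReadOnly"], "AttachedManagedPolicies": [
      {"PolicyName": "MediaLiveBroadAccess"}]}]}
""")
BROAD = {"MediaLiveBroadAccess", "MediaLiveLimitedIam"}  # hypothetical policy names


def effective_policies(details):
    """Return {user: {policy name: [how it was granted, ...]}}."""
    by_group = {g["GroupName"]: [p["PolicyName"] for p in g.get("AttachedManagedPolicies", [])]
                for g in details.get("GroupDetailList", [])}
    result = {}
    for user in details.get("UserDetailList", []):
        grants = {}
        for group in user.get("GroupList", []):  # inherited through a group
            for name in by_group.get(group, []):
                grants.setdefault(name, []).append("group:" + group)
        for p in user.get("AttachedManagedPolicies", []):  # bypasses the group model
            grants.setdefault(p["PolicyName"], []).append("direct")
        result[user["UserName"]] = grants
    return result


def audit(details, broad=BROAD, max_users=1):
    """List users holding a broad policy and flag deviations from the group model."""
    holders, findings = [], []
    for user, grants in sorted(effective_policies(details).items()):
        held = sorted(broad.intersection(grants))
        if not held:
            continue
        holders.append(user)
        findings += [f"{user}: {name} is attached directly, not through a group"
                     for name in held if "direct" in grants[name]]
    if len(holders) > max_users:
        findings.append(f"{len(holders)} users hold broad policies (limit {max_users})")
    return holders, findings


if __name__ == "__main__":
    print(audit(SAMPLE))
```

To run it against a real account, replace `SAMPLE` with the parsed JSON from the CLI command and set `BROAD` to the names of the customer managed policies you created.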