Creating a non-administrator IAM user - AWS Elemental MediaLive

This section shows how to create non-administrator IAM users and grant those users the following permissions:

  • Full read/write access to the following AWS services and features:

    • AWS Elemental MediaLive

    • AWS Elemental MediaConnect

    • AWS Elemental MediaPackage

    • Amazon CloudWatch

    • Amazon CloudWatch Events

    • Amazon CloudWatch Logs

    • Amazon EC2

    • AWS Systems Manager

    • AWS Resource Groups

    • Amazon SNS

    • Amazon VPC

  • Limited access to AWS IAM. Users of AWS Elemental MediaLive need some access to IAM in order to use the MediaLive console to set up MediaLive as a trusted entity. This setup is always required when using MediaLive. For more information, see Setting up AWS Elemental MediaLive as a trusted service.


These permissions are broad. You should set up only a few users with these permissions and only for the pre-production period of using MediaLive. For information about setting up users for standard production use, see Setting up: IAM permissions for AWS Elemental MediaLive for a production environment.

To set up an IAM user, you follow three main steps:

  • Create customer managed policies.

  • Create a group and attach the policies to the group.

  • Create users and add the users to the group.

Policies grant permissions. Policies are attached to a group. Users belong to a group. Therefore, the users have the permissions of the policies that are attached to the group.

The following diagram shows this relationship.
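The policy, group, and user chain described above can also be audited in code, which helps keep the broad pre-production permissions limited to a few users. The following is an added example, not part of the AWS documentation: it walks a constructed snapshot shaped like the output of `aws iam get-account-authorization-details` and reports which users hold a broad policy, and whether they got it through a group or by direct attachment. The policy, group, and user names, the account ID, and the rule that "broad" means a service-wide wildcard action such as `medialive:*` are assumptions.

```python
# Added example. SNAPSHOT is constructed sample data shaped like the output of
# `aws iam get-account-authorization-details`; every name and ARN is made up.
ARN = "arn:aws:iam::111122223333:policy/"
def _policy(name, actions):
    doc = {"Version": "2012-10-17",
           "Statement": [{"Effect": "Allow", "Action": actions, "Resource": "*"}]}
    return {"PolicyName": name, "Arn": ARN + name,
            "PolicyVersionList": [{"IsDefaultVersion": True, "Document": doc}]}

SNAPSHOT = {
    "Policies": [_policy("ExamplePreProdBroad", ["medialive:*", "mediaconnect:*"]),
                 _policy("ExampleReadLogs", "logs:GetLogEvents")],
    "GroupDetailList": [{"GroupName": "ExamplePreProdGroup",
                         "AttachedManagedPolicies": [{"PolicyArn": ARN + "ExamplePreProdBroad"}]}],
    "UserDetailList": [
        {"UserName": "alice", "GroupList": ["ExamplePreProdGroup"], "AttachedManagedPolicies": []},
        {"UserName": "bob", "GroupList": [], "AttachedManagedPolicies": [{"PolicyArn": ARN + "ExampleReadLogs"}]},
        {"UserName": "carol", "GroupList": [], "AttachedManagedPolicies": [{"PolicyArn": ARN + "ExamplePreProdBroad"}]},
    ],
}

def _as_list(value):  # IAM allows Statement and Action to be one item or a list
    return value if isinstance(value, list) else [value]

def broad_policy_arns(snapshot):
    """ARNs of managed policies whose default version allows a service-wide wildcard."""
    broad = set()
    for pol in snapshot["Policies"]:
        doc = next(v["Document"] for v in pol["PolicyVersionList"] if v["IsDefaultVersion"])
        for stmt in _as_list(doc["Statement"]):
            actions = _as_list(stmt.get("Action", []))
            if stmt["Effect"] == "Allow" and any(a == "*" or a.endswith(":*") for a in actions):
                broad.add(pol["Arn"])
    return broad

def audit(snapshot):
    """Map each user holding a broad policy to how they got it (groups and/or direct)."""
    broad = broad_policy_arns(snapshot)
    def has_broad(attached):
        return any(p["PolicyArn"] in broad for p in attached)
    broad_groups = {g["GroupName"] for g in snapshot["GroupDetailList"]
                    if has_broad(g["AttachedManagedPolicies"])}
    findings = {}
    for user in snapshot["UserDetailList"]:
        via = sorted(broad_groups & set(user["GroupList"]))
        direct = has_broad(user["AttachedManagedPolicies"])
        if via or direct:
            findings[user["UserName"]] = {"groups": via, "direct": direct}
    return findings
```

In this sample, `carol` is the entry to review: the broad policy is attached to the user directly rather than inherited from the group.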