Creating an AWS OpsWorks Stacks Administrative User

Important

The AWS OpsWorks Stacks service reached end of life on May 26, 2024 and has been disabled for both new and existing customers. We strongly recommend customers migrate their workloads to other solutions as soon as possible. If you have questions about migration, reach out to the AWS Support Team on AWS re:Post or through AWS Premium Support.

You can create an AWS OpsWorks Stacks administrative user by adding the AWSOpsWorks_FullAccess policy to a user, which grants that user AWS OpsWorks Stacks Full Access permissions. For more information about creating an administrative user, see Create an administrative user.

Note

The AWSOpsWorks_FullAccess policy allows users to create and manage AWS OpsWorks Stacks stacks, but users cannot create an IAM service role for the stack; they must use an existing role. The first user to create a stack must have additional IAM permissions, as described in Administrative Permissions. When this user creates the first stack, AWS OpsWorks Stacks creates an IAM service role with the required permissions. Thereafter, any user with opsworks:CreateStack permissions can use that role to create additional stacks. For more information, see Allowing AWS OpsWorks Stacks to Act on Your Behalf.

When you create a user, you can add additional customer-managed policies to fine-tune the user's permissions, as needed. For example, you might want an administrative user to be able to create or delete stacks, but not import new users. For more information, see Managing AWS OpsWorks Stacks Permissions by Attaching an IAM Policy.

If you have multiple administrative users, instead of setting permissions separately for each user, you can add the AWSOpsWorks_FullAccess policy to an IAM group and add the users to that group.

For information about creating a group, see Creating IAM user groups. When you create the group, add the AWSOpsWorks_FullAccess policy. You can also add the AdministratorAccess policy, which includes the AWSOpsWorks_FullAccess permissions.

For information about adding permissions to an existing group, see Attaching a policy to an IAM user group.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Managing Users

Creating IAM users