Create users and roles - AWS SDK for .NET

Create users and roles

As a result of creating an AWS account, you have (at least) two user accounts:

  • Your root user account, which was created for you and has full access to everything.

  • An administrative user account, which you created and gave full access to almost everything.

Neither of these user accounts is appropriate for doing .NET development on AWS or for running .NET applications on AWS. As such, you need to create user accounts and service roles that are appropriate for these tasks.

The specific user accounts and service roles that you create, and the way in which you use them, will depend on the requirements of your applications. The following are some of the simplest types of user accounts and service roles, and some information about why they might be used and how to create them.

User accounts

You can use a user account with long-term credentials to access AWS services through your application. This type of access is appropriate if a single user will be using your application (you, for example). The most common scenario for using this type of access is during development, but other scenarios are possible.

The process for creating a user varies depending on the situation, but is essentially the following.

  1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.

  2. Choose Users, and then choose Add user.

  3. Provide a user name.

  4. Under Select AWS access type, select Programmatic access, and then choose Next: Permissions.

  5. Choose Attach existing policies directly, and then select the appropriate policies for the AWS services that your application will use.

    Warning

    Do NOT choose the AdministratorAccess policy because that policy enables read and write permissions to almost everything in your account.

  6. Choose Next: Tags and enter any tags you want.

    You can find information about tags in Control access using AWS resource tags in the IAM User Guide.

  7. Choose Next: Review, and then choose Create user.

  8. Record the credentials for the new user. You can do this by downloading the cleartext .csv file or by copying and pasting the access key ID and secret access key.

    These are the credentials that you will need for your application.

    Warning

    Use appropriate security measures to keep these credentials safe, and rotate them.

You can find high-level information about IAM users in Identities (users, groups, and roles) in the IAM User Guide. Find detailed information about users in that guide's IAM users topic.

Service roles

You can set up an AWS service role to access AWS services on behalf of users. This type of access is appropriate if multiple people will be running your application remotely; for example, on an Amazon EC2 instance that you have created for this purpose.

The process for creating a service role varies depending on the situation, but is essentially the following.

  1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.

  2. Choose Roles, and then choose Create role.

  3. Choose AWS service, find and select EC2 (for example), and then choose the EC2 use case (for example).

  4. Choose Next: Permissions, and select the appropriate policies for the AWS services that your application will use.

    Warning

    Do NOT choose the AdministratorAccess policy because that policy enables read and write permissions to almost everything in your account.

  5. Choose Next: Tags and enter any tags you want.

    You can find information about tags in Control access using AWS resource tags in the IAM User Guide.

  6. Choose Next: Review and provide a Role name and Role description. Then choose Create role.

You can find high-level information about IAM roles in Identities (users, groups, and roles) in the IAM User Guide. Find detailed information about roles in that guide's IAM roles topic.
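
The warnings in both procedures above tell you not to attach AdministratorAccess. The following check is an added example, not part of the original guide or of the AWS SDK for .NET: it inspects a policy document before you attach it to a user or role and flags any statement that allows every action on every resource. The class name PolicyGuard, the bucket name example-bucket, and both sample documents are constructed for illustration, and the check matches only the literal "*" wildcard.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;

public static class PolicyGuard   // hypothetical helper, not an SDK type
{
    // IAM allows Statement, Action and Resource to be a single value or an array.
    static List<JsonElement> AsList(JsonElement e) =>
        e.ValueKind == JsonValueKind.Array
            ? e.EnumerateArray().ToList()
            : new List<JsonElement> { e };

    // True when the named element contains the bare "*" wildcard.
    static bool HasStar(JsonElement statement, string key) =>
        statement.TryGetProperty(key, out var value) &&
        AsList(value).Any(x => x.ValueKind == JsonValueKind.String && x.GetString() == "*");

    // True when any statement allows all actions on all resources.
    // Statements that carry a Condition are still flagged, to stay conservative.
    public static bool GrantsFullAccess(string policyJson)
    {
        using var doc = JsonDocument.Parse(policyJson);
        if (!doc.RootElement.TryGetProperty("Statement", out var statements))
            return false;
        return AsList(statements).Any(s =>
            s.ValueKind == JsonValueKind.Object &&
            s.TryGetProperty("Effect", out var effect) &&
            effect.ValueKind == JsonValueKind.String &&
            effect.GetString() == "Allow" &&
            HasStar(s, "Action") && HasStar(s, "Resource"));
    }

    public static void Main()
    {
        // Constructed sample documents; nothing is read from an AWS account.
        var adminStyle = @"{""Version"":""2012-10-17"",""Statement"":[
            {""Effect"":""Allow"",""Action"":""*"",""Resource"":""*""}]}";
        var scoped = @"{""Version"":""2012-10-17"",""Statement"":
            {""Effect"":""Allow"",
             ""Action"":[""s3:GetObject"",""s3:ListBucket""],
             ""Resource"":[""arn:aws:s3:::example-bucket"",
                           ""arn:aws:s3:::example-bucket/*""]}}";

        Console.WriteLine($"admin-style policy flagged: {GrantsFullAccess(adminStyle)}");
        Console.WriteLine($"scoped policy flagged:      {GrantsFullAccess(scoped)}");
    }
}
```

A policy that passes this check can still be too broad, for example one that allows a service-wide wildcard, so review the remaining statements against what your application actually calls.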