8 AWS CLI Commands to Make IAM Management Easy

Step Away From The GUI!!!

AWS Identity and Access Management (IAM)

When I first began to use AWS, I used to log in to the console and set users up there. But if you are managing multiple users and groups, this gets cumbersome very quickly. I am going to walk you through how to set up and use the AWS CLI to make these tasks a lot easier. Let’s start with setting up your local environment to interact with AWS services.

Setting Up AWS CLI On Your Local Computer

  1. Download Homebrew
  2. Once Homebrew is set up, open a terminal and type brew install python
  3. Next, install the AWS CLI with the command pip install awscli

Before we can configure the CLI, we need to go to the IAM Console and create a new IAM user with admin credentials and an access key and ID.

4. Navigate back to the console and create a new user. Make sure you check the option to create an access key and ID, and follow the rest of the instructions to add the user to the appropriate user group.

5. Once the access key and ID are created, save that information in a safe place, making sure no one else has access to it.

Configuring the AWS CLI

That’s it! You should be ready to interact with your AWS services.

Create, delete and manage passwords for IAM users

aws iam delete-user --user-name <UserName>

Yes, it’s really that simple! Let’s go through the first command together. Type aws iam create-user --user-name Susan

The output for the command is as follows:

{
    "User": {
        "UserName": "Susan",
        "Path": "/",
        "CreateDate": "2019-06-27T17:20:05Z",
        "UserId": "MYUSERIDWOULDBEHERE",
        "Arn": "arn:aws:iam::MYACCOUNTIDWOULDBEHERE:user/Susan"
    }
}

After entering this command, you can verify that the user was created by logging in to your console and taking a look.

As you might expect from the other command, you can just as easily remove Susan’s account by swapping create-user for delete-user.

Create, Delete and Reset Login Credentials

aws iam create-login-profile --user-name <UserName> --password <password>

aws iam delete-login-profile --user-name Alice

aws iam update-login-profile --user-name <UserName> --password <password>

Let’s set up Susan with a profile that allows her to access the AWS Console.
Type aws iam create-login-profile --user-name Susan --password DonGiovanni@Mozart

Confirm your output after entering the command:

{
    "LoginProfile": {
        "UserName": "Susan",
        "CreateDate": "2019-06-27T17:34:01Z",
        "PasswordResetRequired": false
    }
}

If you want to keep the IAM user but remove its ability to sign in to the console, use the second command; it deletes only the login profile, not the IAM user. To reset a password, use the third command.

Create Access Keys

The output:

{
    "AccessKey": {
        "UserName": "Susan",
        "Status": "Active",
        "CreateDate": "2019-06-27T17:40:21Z",
        "SecretAccessKey": "MYACCESSKEYWOULDNORMALLYGOHERE",
        "AccessKeyId": "MYIDWOULDNORMALLYGOHERE"
    }
}
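
The JSON above prints the secret access key straight to the terminal, which is the only time AWS returns it. The following is an added example, not part of the original article: it runs aws iam create-access-key for a user and writes the two values to an owner-only file in shared-credentials format, so the secret is never displayed. The function name store_access_key, the AWS_CMD variable and the default file name are assumptions made for this example.

```shell
# Added example. AWS_CMD, store_access_key and the default file name are
# illustrative names, not part of the AWS CLI.
AWS_CMD=${AWS_CMD:-aws}

store_access_key() {
    user=$1
    cred_file=${2:-./${user}_credentials}

    # Refuse to write a second section for the same profile name.
    if [ -f "$cred_file" ] && grep -qxF "[$user]" "$cred_file"; then
        echo "profile [$user] already exists in $cred_file" >&2
        return 1
    fi

    # --query with --output text returns only the two values, tab-separated
    # on one line, instead of the full JSON document.
    pair=$("$AWS_CMD" iam create-access-key --user-name "$user" \
        --query 'AccessKey.[AccessKeyId,SecretAccessKey]' --output text) || return 1
    key_id=$(printf '%s\n' "$pair" | cut -f1)
    secret=$(printf '%s\n' "$pair" | cut -f2)

    # cut returns the whole line for both fields when there is no tab,
    # so equal values mean the output was not in the expected shape.
    [ -n "$key_id" ] && [ -n "$secret" ] && [ "$key_id" != "$secret" ] || return 1

    # umask 077 in a subshell: anything created here is owner-only.
    (
        umask 077
        mkdir -p "$(dirname "$cred_file")"
        printf '[%s]\naws_access_key_id = %s\naws_secret_access_key = %s\n' \
            "$user" "$key_id" "$secret" >> "$cred_file"
    ) || return 1
    chmod 600 "$cred_file"    # also tightens a file that already existed

    # Report the key ID only; the secret stays in the file.
    echo "stored access key $key_id for $user in $cred_file"
}
```

Call it as store_access_key Susan /path/to/file, then hand the file to the user over a channel only they can read.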

Create Groups and Add Users to Groups

aws iam create-group --group-name <groupName>

aws iam add-user-to-group --group-name <groupName> --user-name <userName>