Step Away From The GUI!!!
GUIs are great. When I began to learn technology the GUI was a great place to start to learn about how a software, system, etc. works. However, as I began to become more comfortable with technology I really just wanted computers to do what I asked them to do. If I am learning a new software or service I still will start with a GUI (if available) in order to visualize and piece all of the moving parts together. Now I find that I often get distracted and sometimes jumbled up in GUIs.
AWS Identity and Access Management (IAM)
IAM is a service that allows you to create and manage access to your Amazon Web Services account. Within an AWS there is a console that allows you to manage all of this from a centralized location.
When I first began to use AWS I use to login to the console and set users up through the console. But if you are managing multiple users and groups, this can get really cumbersome very quickly. I am going to walk you through how to setup and use the AWS CLI to make these tasks a lot easier. Lets first start with setting up your local environment to interact with AWS services.
Setting Up AWS CLI On Your Local Computer
There are a number of different ways to set this up depending on your operating system. I am using a MAC so I will use those steps, but you can get the instructions for your operating system here.
- Download Homebrew
- Once Homebrew is setup open a terminal and type
brew install python
- Next install the AWS CLI with the command
pip install awscli
Before we can configure the CLI we will need to navigate to the IAM Console to create a new IAM user with admin credentials and access key and ID.
4. Navigate to back to the console and create a new user. Make sure you check the option to create access key and ID and follow the rest of the instructions to add the user to the appropriate user group.
5. Once the access key and ID is created save that information in a safe place making sure no one else has access to it.
Configuring the AWS CLI
To configure AWS CLI enter the command
aws configure . Once you have enter that command, you will be prompted to enter your Access ID, Access Key, default region and output format. There are a number of different output options but I recommend JSON.
That’s it! You should be ready interact with your AWS services.
Create, delete and manage passwords for IAM users
aws iam create-user --user-name <UserName>
aws iam delete-user --user-name <UserName>
Yes its really that simple! Lets go through the first command together. Type
aws iam create-user --user-name Susan
The output for the command is as follows:
After entering this command you can verify its creation by logging into your console and taking a look.
As you can imagine and see by the other command you can easily remove Susan’s account by swapping out create-user with delete-user.
Create, Delete and Reset Login Credentials
In the previous example all we did was create an IAM user that has access to nothing. Susan would not be able to login to the console without setting a login profile.
aws iam create-login-profile --user-name <UserName> --password <password>
aws iam delete-login-profile --user-name Alice
aws iam update-login-profile --user-name <UserName> --password <password>
Let’s set up Susan with a profile that allows her to access the AWS Console.
aws iam create-login-profile --user-name Susan --password DonGiovanni@Mozart
Confirm your output after entering the command:
If you wanted to keep the IAM user and remove access to signing into the console you can type in the second command without completely removing the IAM user. In addition, you can reset a password with the third command.
Create Access Keys
Okay now lets set Susan up with access keys. Type the following command
aws iam create-access-key --user-name Susan
Create Groups and Add Users to Groups
In order to manage access to resources, it is a good idea to create meaningful groups so that you give users access depending on the groups they are in rather than by each user. Below are the command to create a group and add users to already created groups.
aws iam create-group --group-name <groupName>
aws iam add-user-to-group --group-name <groupName> --user-name <userName>