AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. You can use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.
To run the terraform scripts, you need an IAM user with the following permissions:
These permissions can be directly added to the user or via IAM Group.
Once we have an AWS account, we’ll need to create an IAM user to programmatically interact with it and configure the AWS CLI (command-line interface). Amazon IAM enables you to manage users and user permissions in AWS. You can create one or more IAM users in your AWS account. You might create an IAM user for someone who needs access to your AWS console or when you have a new application that needs to make API calls to AWS. This is to add an extra layer of security to your AWS account.
Creating an IAM User
- Navigate to your AWS account.
- Select IAM from the list of services from the AWS console. The IAM dashboard screen appears.
- Select Users from the Access management menu on the left.
- Select Create Users. The Specify user details screen appears.
- Enter the user name for the new user and other necessary details.
- Check the Access key - Programmatic access option under the Select AWS access type section. This is the sign-in name for AWS. If you want to add multiple users, choose to Add another user for each additional user and specify their user names. You can add up to 10 users at one time. This account will be used by your AWS CLI and will be connecting to the AWS API directly by not using the Management Console.
- Select Next: Permissions.
- Select Attach existing policies directly.
- Filter the policies by keyword,
IAM. For this user, select
IAMFullAccessfrom the list of available policies.
IAMFullAccesspolicy enables this user to create and manage user permissions in AWS.
- Set the user permissions.
- Search for AdministratorAccess and select the policy.
- Search for AmazonAPIGatewayAdministrator and select the policy.
- Search for AmazonS3FullAccess and select the policy.
- Select Next: Tags.
- Provide key name and value as tagging for the user been created.
- Select Next: Review.
- Select Create user.
- After user is created go to the Security Credentials tab
- Select Create Access key
- Select other on the list
- Select show to reveal the secret access key.
- Download and save the Secret access key.
- Take a note of the Access key ID and Secret access key.
Now, let’s configure the AWS CLI to deploy our applications from the command line. Refer Creating an IAM User page for creating an IAM user through CLI and API methods.