Creating your first Identity and Access Management User, Group, Role

Last Updated: February 2021

Author: Ben Potter, Security Lead, Well-Architected

This lab has been retired. It is strongly recommended that you centralize your identities instead of using IAM users. If you have more than a single test account for personal use, use AWS Single Sign-On or an identity provider configured in IAM instead of IAM users. IAM users should not have access keys. For Command Line Interface (CLI) access, assume a role instead, or use the integration with AWS Single Sign-On, which makes it easy to get short-term credentials for CLI use without storing long-lived credentials. Use separate accounts for development/test and production. If you don't have an existing organizational structure with AWS Organizations, AWS Control Tower is the easiest way to get started. For more information, see Security Foundations and Identity and Access Management in the AWS Well-Architected security whitepaper.