Creating your first Identity and Access Management User, Group, Role

Last Updated: February 2021

Author: Ben Potter, Security Lead, Well-Architected

This lab has been retired. It is strongly recommended that you centralize your identities instead of using IAM users. If you have more than a single test account for personal use, use AWS Single Sign-On or an identity provider configured in IAM instead of IAM users. IAM users should not have access keys. For the Command Line Interface (CLI), assume a role instead, or use the integration with AWS Single Sign-On, which makes it easy to get short-term credentials for CLI use without storing long-lived credentials.

Use separate accounts for development/test and production. If you don't have an existing organizational structure with AWS Organizations, AWS Control Tower is the easiest way to get started. For more information, see Security Foundations and Identity and Access Management in the AWS Well-Architected security whitepaper.
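To find where the "IAM users should not have access keys" guidance is not yet met, the following added example (not part of the original lab) scans an IAM credential report, as returned by `aws iam get-credential-report`, for users that still hold active access keys. The sample report is constructed and trimmed to the columns the check reads, and the function name is hypothetical.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample, trimmed to the columns this check reads; a real
# credential report carries more columns per user.
SAMPLE_REPORT = """\
user,arn,password_enabled,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,not_supported,false,N/A,false,N/A
alice,arn:aws:iam::111122223333:user/alice,true,false,N/A,false,N/A
build-bot,arn:aws:iam::111122223333:user/build-bot,false,true,2019-06-01T12:00:00+00:00,false,N/A
carol,arn:aws:iam::111122223333:user/carol,true,true,2020-11-15T08:30:00+00:00,true,2021-01-10T09:00:00+00:00
"""


def users_with_active_keys(report_csv, as_of):
    """Return users that still hold active access keys, oldest key first."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        ages = {}
        for n in ("1", "2"):
            if row.get(f"access_key_{n}_active", "").lower() != "true":
                continue
            rotated = row.get(f"access_key_{n}_last_rotated", "N/A")
            # "N/A" means the report has no rotation timestamp for this key.
            ages[n] = None if rotated == "N/A" else (
                as_of - datetime.fromisoformat(rotated)).days
        if ages:
            known = [d for d in ages.values() if d is not None]
            findings.append({
                "user": row["user"],
                "active_keys": sorted(ages),
                "oldest_key_days": max(known) if known else None,
            })
    # Longest-lived credentials first: these are the priority to replace
    # with role assumption or short-term SSO credentials.
    return sorted(findings, key=lambda f: -(f["oldest_key_days"] or 0))


if __name__ == "__main__":
    as_of = datetime(2021, 2, 1, tzinfo=timezone.utc)
    for f in users_with_active_keys(SAMPLE_REPORT, as_of):
        print(f"{f['user']}: active keys {f['active_keys']}, "
              f"oldest key is {f['oldest_key_days']} days old")
```
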