Monday, 14 April 2014

Log into the AWS console with an IAM user

This is another in a series of videos that I am producing for my YouTube channel HowDoYouDoStuff.


In this video, I am going to show you how to log into the AWS console with an IAM user


You can read the transcript below.


HTML 5 Player



Transcript

How do you log into the AWS console with an IAM user?

Hi guys. I'm Phil Stirpe.

In this video, I am going to show you how to log into the AWS console with an IAM user.

When you 1st create an account with Amazon web services you have a single master account.

This account is associated with an email address and credit card number for billing purposes. Most importantly, it has full access to your AWS cloud. That is to say full access to every AWS service available in the AWS cloud.

Clearly that is a very powerful user account. In fact you should make very little use of it.

If you consider that a typical organisation that uses Amazon web services might employ tens or hundreds of developers, testers, database administrators and other admins, they can’t all use a single account.

The solution is to use the Identity and Access Management or IAM service to create users and groups to better manage your cloud.

In this video I want to show you how to create a user and then access the AWS console using that user account.

So the 1st thing I need to do is log into the AWS console with my root or master account.

This involves me entering the email address associated with the account and password.

Furthermore I have enabled my master account for multifactor authentication – MFA. This isn’t required but is considered best practice. You can either get an app for your smartphone or alternatively you can purchase gemalto token from Amazon and associate it with your account.

In this case I’m using a token which gives me a unique code to enter into the 2nd screen.

Now that I’m logged in I can switch to the IAM console in order to create a user account. If I click on the Users link I can create a new user. Let me create a user named George. Note that I’m offered the option to generate an access key. I’m not going to select that and I’ll explain why in a moment.

You need to decide when you create a user what type of credential you want to use to prove identity. For example you might be creating a user account to be used by an application. In that case you might choose an access key.

As this user is intended for a person to connect to the AWS console, I’m going to define a password. Note that you can also specify MFA for user accounts too. This is also considered best practice.

Now that created a user account and specify the password it’s time to show you how to login.

IAM users cannot use the same URL to connect to the AWS console. That is intended for master accounts. Instead the URL should reflect the master account with which the IAM user account is associated.

You can locate the desired URL in the lower left-hand corner of the IAM console. As you can see, it includes the account number associated with your master account. This URL can be issued to your users in the form of a desktop shortcut for example.

Watch what happens when I navigate to this URL in a new window. As you can see, the login window is different. This time the account number is displayed and there are additional fields for the username and password.

Let me login as George.

You can now see that I’m authenticated as George in the AWS console. But what about privileges?

Let me try and launch an EC2 instance.

As you can see I’m not authorised to perform this operation. In fact if you look back at the EC2 Dashboard, there are many things that I am not authorised to do. By default IAM users have no privileges. Privileges must be assigned to IAM users or groups that IAM users are members of.

That will be the subject of a later video.

There you have it.

In this video, I have shown you how easy it is to log into the AWS console with an IAM user.

Thanks for watching and please feel free to comment on my blog (www.philipstirpe.com) and Facebook page (www.facebook.com/philip.stirpe.tutorials). Perhaps you could suggest more video topics? Most of all, don't forget to subscribe to keep up with my videos as I release them.

Bye for now.






Flash Player








See you soon

Phil Stirpé
"I don't do average!"






1 comment:

  1. Ngoài dịch vụ ship và order hàng nhật. Chúng tôi còn nhận chuyển hàng từ nhật về hà nội nhận chuyển hàng từ nhật về tphcm với chi phí cực kì rẻ. Và đặc biệt free ship tại các khu vực trong thành phố và thủ đô khi hàng về tới Việt Nam. Chúng tôi còn tạo điều kiện cho các doanh nghiệp có thể nhập khẩu hàng hóa từ nhật bản để kinh doanh với mức chi phí nhận chuyển hàng từ nhật bản về việt nam hoặc order hàng từ nhật về việt nam rất rẻ
    Từ lâu nay, dịch vụ order hàng nhật đang và đã được nhiều khách hàng sử dụng. Với độ tin cậy, chi phí thấp được sự ung hộ và giới thiệu của rất nhiều khách hàng.
    Cùng nhau mua sắm với fado - mua hàng trên amazon ship về việt nam , từng bừng trong những ngày tết.
    Ngoài ra chúng tôi còn nhận mua hộ hàng nhật mua hàng trên web nhật gửi về Việt Nam với chi phí thấp. Hy vọng dịch vụ chuyển đồ từ nhật về việt nam sẽ được nhiều người yêu thích.

    ReplyDelete