AWS Identity and Access Management (IAM) is the AWS service used to create, modify and delete the identities (users, groups and roles) that act in an account, and to control what each of them is allowed to do. An IAM user receives its permissions through policies, so access can be limited to exactly what a given person or workload needs and nothing more.
For example, if a client in a production environment needs only S3 access and nothing else, IAM lets us grant S3 access and no other service.
The following example shows how to configure this from the AWS CLI.
The steps are as follows:
Create a user-
C:\Users\Sourav>aws iam create-user --user-name AITA
{
"User": {
"Path": "/",
"UserName": "AITA",
"UserId": "AIDAYUU3I26XIXWZMPSAA",
"Arn": "arn:aws:iam::594104866734:user/AITA",
"CreateDate": "2022-03-11T11:32:57+00:00"
}
}
View the user-
C:\Users\Sourav>aws iam get-user --user-name AITA
{
"User": {
"Path": "/",
"UserName": "AITA",
"UserId": "AIDAYUU3I26XIXWZMPSAA",
"Arn": "arn:aws:iam::594104866734:user/AITA",
"CreateDate": "2022-03-11T11:32:57+00:00"
}
}
Set a console password for the user (a password typed on the command line is recorded in shell history and visible in process listings, so for a real user prefer a one-time password passed together with --password-reset-required so it has to be changed at first sign-in)-
C:\Users\Sourav>aws iam create-login-profile --user-name AITA --password Z@123abc
{
"LoginProfile": {
"UserName": "AITA",
"CreateDate": "2022-03-11T11:54:42+00:00",
"PasswordResetRequired": false
}
}
Give the user access to S3 only. Note that AmazonS3FullAccess is an AWS managed policy that allows every S3 action on every bucket in the account: it restricts the user to the S3 service, not to a single bucket. To limit access to one bucket, write a customer managed or inline policy whose Resource is that bucket's ARN instead-
C:\Users\Sourav\Downloads>aws iam attach-user-policy --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess --user-name AITA
- Let's check which policies are attached to the user-
C:\Users\Sourav\Downloads>aws iam list-attached-user-policies --user-name AITA
{
"AttachedPolicies": [
{
"PolicyName": "AmazonS3FullAccess",
"PolicyArn": "arn:aws:iam::aws:policy/AmazonS3FullAccess"
}
]
}
Deleting a user from the CLI is not as simple as in the console: delete-user refuses to remove a user that still has a login profile, access keys, MFA devices, group memberships, inline policies or attached managed policies, so each of those has to be removed first. For the user created above the following steps are enough.
- Delete the user's login profile-
C:\Users\Sourav\Downloads>aws iam delete-login-profile --user-name AITA
- Detach the managed policy (if any) from the user-
C:\Users\Sourav\Downloads>aws iam detach-user-policy --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess --user-name AITA
- Finally, delete the user-
C:\Users\Sourav\Downloads>aws iam delete-user --user-name AITA
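The same create / verify / delete workflow as a script, written as an added example for this page (it is not code from the original post). It replaces AmazonS3FullAccess with an inline policy scoped to one bucket, generates the console password instead of typing it on the command line, checks the effective permissions with the IAM policy simulator, and tears the user down in an order that delete-user accepts. The user name AITA comes from the page; the bucket name aita-reports, the policy name, the file name iam_user.sh and the use of openssl to generate the password are assumptions. It needs the AWS CLI v2 and credentials that may manage IAM.

```shell
#!/bin/sh
# Added example (not from the original post). Usage:
#   sh iam_user.sh --apply     create the user and show what it may do
#   sh iam_user.sh --delete    remove the user and everything hanging off it
set -eu

USER_NAME="${USER_NAME:-AITA}"                 # name used on the page
BUCKET="${BUCKET:-aita-reports}"               # constructed bucket name
POLICY_NAME="${POLICY_NAME:-${USER_NAME}-${BUCKET}-only}"

# Least-privilege policy: list one bucket and work on its objects. There is
# no s3:* and no "arn:aws:s3:::*", so every other bucket stays out of reach.
s3_bucket_policy_document() {
  bucket="$1"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListOnlyThisBucket",
      "Effect": "Allow",
      "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
      "Resource": "arn:aws:s3:::${bucket}"
    },
    {
      "Sid": "ObjectsOnlyInThisBucket",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
      "Resource": "arn:aws:s3:::${bucket}/*"
    }
  ]
}
EOF
}

create_user() {
  aws iam create-user --user-name "$USER_NAME"
  # Generated one-time password: never typed interactively, and the user
  # must replace it at first sign-in.
  pw="$(openssl rand -base64 18)"
  aws iam create-login-profile --user-name "$USER_NAME" \
      --password "$pw" --password-reset-required
  printf 'one-time password for %s: %s\n' "$USER_NAME" "$pw"
  # Inline policy scoped to the bucket instead of the managed S3 policy.
  aws iam put-user-policy --user-name "$USER_NAME" --policy-name "$POLICY_NAME" \
      --policy-document "$(s3_bucket_policy_document "$BUCKET")"
}

# Ask IAM what the user can actually do, rather than only listing policies:
# s3:GetObject should be allowed on our bucket and implicitly denied on another.
verify_user() {
  user_arn="$(aws iam get-user --user-name "$USER_NAME" \
              --query User.Arn --output text)"
  aws iam simulate-principal-policy --policy-source-arn "$user_arn" \
      --action-names s3:GetObject \
      --resource-arns "arn:aws:s3:::${BUCKET}/report.csv" \
                      "arn:aws:s3:::other-team-bucket/report.csv" \
      --query 'EvaluationResults[].ResourceSpecificResults[].[EvalResourceName,EvalResourceDecision]' \
      --output text
}

# delete-user fails while any of these still exist, so clear them all first
# (also signing certificates, SSH keys and service credentials, if ever added).
delete_user() {
  u="$USER_NAME"
  aws iam delete-login-profile --user-name "$u" 2>/dev/null || true
  for k in $(aws iam list-access-keys --user-name "$u" \
               --query 'AccessKeyMetadata[].AccessKeyId' --output text); do
    aws iam delete-access-key --user-name "$u" --access-key-id "$k"
  done
  for m in $(aws iam list-mfa-devices --user-name "$u" \
               --query 'MFADevices[].SerialNumber' --output text); do
    aws iam deactivate-mfa-device --user-name "$u" --serial-number "$m"
  done
  for g in $(aws iam list-groups-for-user --user-name "$u" \
               --query 'Groups[].GroupName' --output text); do
    aws iam remove-user-from-group --user-name "$u" --group-name "$g"
  done
  for p in $(aws iam list-attached-user-policies --user-name "$u" \
               --query 'AttachedPolicies[].PolicyArn' --output text); do
    aws iam detach-user-policy --user-name "$u" --policy-arn "$p"
  done
  for p in $(aws iam list-user-policies --user-name "$u" \
               --query 'PolicyNames[]' --output text); do
    aws iam delete-user-policy --user-name "$u" --policy-name "$p"
  done
  aws iam delete-user --user-name "$u"
}

case "${1:-}" in
  --apply)  create_user; verify_user ;;
  --delete) delete_user ;;
esac
```

The simulator call is the check worth keeping: listing attached policies only tells you which documents are there, while simulate-principal-policy tells you the decision IAM would actually reach for a concrete action and resource, which is how you catch an over-broad Resource before a real user does.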