This simple process consists of just TWO steps:
- Create a new security policy.
- Create a new IAM user and attach the new policy to this user.
NOTE: The steps in this section must be performed using your primary (root) AWS account.
You will need your AWS Account Id for use in Step 1. Follow these steps to get it.
STEP 1 – Create New Security Policy
- Click the “Services” link in the top left corner and from the resulting list, select the IAM service.
- Select the “Policies” section in the left navigation bar and click the “Create Policy” button.
- On the next page, select the “JSON” tab. Enter (copy-paste) the following content into the policy editor.
Replace the ACCOUNT_ID placeholder with the AWS Account Id obtained previously.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "iam:*",
          "Resource": "arn:aws:iam::ACCOUNT_ID:user/iwebz-cloud-operator/*"
        },
        {
          "Effect": "Allow",
          "Action": [
            "sts:GetFederationToken",
            "ec2:*",
            "s3:*",
            "cloudwatch:GetMetricStatistics",
            "cloudformation:*"
          ],
          "Resource": "*"
        }
      ]
    }

Click “Review Policy” to proceed.
- On the next page, set the policy name to “iwebzcloudlauncher”. Click “Create Policy” to save the new policy.
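An added example, not part of the original guide: a short Python script that fills the ACCOUNT_ID placeholder in the Step 1 policy, rejects a malformed account id, and lists the service-wide wildcard grants so you can see what the resulting access key is allowed to do. The function names and the sample account id are constructed for illustration.

```python
import json
import re

# Policy text from Step 1 of this guide; ACCOUNT_ID is the guide's placeholder.
POLICY_TEMPLATE = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "iam:*",
     "Resource": "arn:aws:iam::ACCOUNT_ID:user/iwebz-cloud-operator/*"},
    {"Effect": "Allow",
     "Action": ["sts:GetFederationToken", "ec2:*", "s3:*",
                "cloudwatch:GetMetricStatistics", "cloudformation:*"],
     "Resource": "*"}
  ]
}"""


def render_policy(account_id):
    """Return the parsed policy with ACCOUNT_ID replaced by a 12-digit id."""
    digits = re.sub(r"[\s-]", "", account_id)  # accept 1234-5678-9012 style
    if not re.fullmatch(r"\d{12}", digits):
        raise ValueError("AWS account ids are exactly 12 digits")
    return json.loads(POLICY_TEMPLATE.replace("ACCOUNT_ID", digits))


def _as_list(value):
    return value if isinstance(value, list) else [value]


def broad_grants(policy):
    """Return (action, resource) pairs for every Allow statement entry
    whose action is a service-wide wildcard such as "ec2:*"."""
    found = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                for resource in _as_list(stmt.get("Resource", [])):
                    found.append((action, resource))
    return found


if __name__ == "__main__":
    policy = render_policy("1234-5678-9012")  # constructed sample account id
    print(json.dumps(policy, indent=2))       # paste this into the JSON tab
    for action, resource in broad_grants(policy):
        print(f"review: {action} on {resource}")
```
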
STEP 2 – Create New IAM User And Attach Policy
- Select the “Users” section in the left navigation bar and click the “Add user” button.
- On the “Details” page, enter a user name, such as iwebzcloud. Ensure that the “Programmatic access” checkbox in the “Select AWS access type” section is selected. Click the “Next: Permissions” button to proceed.
- On the “Permissions” page, select the option to “Attach existing policies directly”. From the list of policies, find the new “iwebzcloudlauncher” policy. Select it and click the “Next: Review” button.
- On the “Review” page, review the selected options and click the “Create user” button.
- A new user and corresponding key pair, consisting of an “Access Key ID” and “Secret Access Key”, will be generated and displayed.
The “Secret Access Key” value will not be displayed again, so it is important to accurately note down the “Access Key ID” and “Secret Access Key” values displayed on the screen at this point.
- Log out of the AWS Console.
Your IAM user account and access keys are ready for use.
You can now add the Access Key ID and Secret Access Key to your AWS Keys section.