December 7, 2012 at 13:15AWS: How to create a login to your account for multiple users using IAM
- Tutorial
Hello! 
Many have AWS accounts that other people support. For example, the situation: the client wants the admin to configure something for him. What to do? Provide email and password? Not comme il faut ... There is a way out, and I will tell you with pictures what and how, using the example of my personal account.
AWS has a great IAM (Identity and Access Mangement) service. The first thing we go there is https://console.aws.amazon.com/iam/ . First, configure the address of your own console login page. Find and click the Create Accoun Alias button on the IAM main page:
My console is now available at: https://kozhokaru.signin.aws.amazon.com/console .
After, let's create a new group of users who can only administer the EC2 service, eg. We are looking for a button.
Next we will create a group:
Find the one you need in the default policies Amazon EC2 Full Access : We
agree with the prepared template in JSON format. By the way, for more flexible access rights settings, there is a Policy Generator. It will help create a policy that meets all your requirements.
Next, we can create new users for the group:
Group and user are ready. We can only verify and confirm:
So, we just have to create a password for the user. We go to the users menu and add the password to it:
So, everything is ready. We go to the console address and enter the user details:
For this user, only the EC2 service options are available. Neither to other services, nor to billingno access .
That's all, outlines the settings for a separate console for an account. In IAM up to 80 users are available for free (by default, but the number can be increased) with different rights, keys, certificates. This is very convenient for account administrators, because almost everywhere you can distinguish access rights.
Many have AWS accounts that other people support. For example, the situation: the client wants the admin to configure something for him. What to do? Provide email and password? Not comme il faut ... There is a way out, and I will tell you with pictures what and how, using the example of my personal account.
AWS has a great IAM (Identity and Access Mangement) service. The first thing we go there is https://console.aws.amazon.com/iam/ . First, configure the address of your own console login page. Find and click the Create Accoun Alias button on the IAM main page:
My console is now available at: https://kozhokaru.signin.aws.amazon.com/console .
After, let's create a new group of users who can only administer the EC2 service, eg. We are looking for a button.
Next we will create a group:
Find the one you need in the default policies Amazon EC2 Full Access : We
agree with the prepared template in JSON format. By the way, for more flexible access rights settings, there is a Policy Generator. It will help create a policy that meets all your requirements.
Next, we can create new users for the group:
Group and user are ready. We can only verify and confirm:
So, we just have to create a password for the user. We go to the users menu and add the password to it:
So, everything is ready. We go to the console address and enter the user details:
For this user, only the EC2 service options are available. Neither to other services, nor to billingno access .
That's all, outlines the settings for a separate console for an account. In IAM up to 80 users are available for free (by default, but the number can be increased) with different rights, keys, certificates. This is very convenient for account administrators, because almost everywhere you can distinguish access rights.