How To Create an IAM User in AWS and Turn on MFA

Shivam Kumar
shivam.kumar@a1-ai.com
Sunday, 27 May 2023

Sign in to the AWS Management Console: When you sign in to the AWS Management Console from the main AWS sign-in page, you must choose your user type, either Root user or IAM user. The root user has unrestricted account access and is associated with the person who created the AWS account. The root user then creates other types of users, such as IAM users. An IAM user is an identity within your AWS account that has specific custom permissions. When an IAM user signs in, they can use a sign-in URL that includes their AWS account or alias.

On the Console Home page, select the IAM service.

In the navigation pane, select Users.

Click on the "Add user" button to start creating a new IAM user.

Specify User Details:
User name: Enter a unique name to identify the IAM user within your AWS account.
Access type: (Programmatic access) Enable this option if the user needs to interact with AWS programmatically using an Access Key ID and Secret Access Key.
AWS Management Console access: Enable this option if the user requires access to the AWS Management Console using a username and password.
Console password (if "AWS Management Console access" is enabled): Choose either "Auto-generated password" or "Custom password" as the method for setting the user's password.

In AWS Identity and Access Management (IAM), the permissions section is where you define what actions an IAM user or group can perform on AWS resources. When setting permissions in IAM, you have two primary options:

Managed Policies: AWS provides a set of pre-defined policies known as "AWS managed policies." These policies cover common use cases and services in AWS, such as read-only access to specific resources or full administrative access. You can select one or more managed policies and attach them to an IAM user or group. AWS takes care of maintaining and updating these policies.

Custom Policies: If the managed policies don't meet your specific requirements, you can create custom policies. Custom policies allow you to define fine-grained permissions by specifying the actions, resources, and conditions for access. You can either write the JSON policy document manually or use the IAM Policy Generator to create the policy based on the desired permissions. Once created, you can attach the custom policy to an IAM user or group.

When attaching policies to an IAM user or group, keep the principle of least privilege in mind. Only grant the minimum permissions necessary for the user or group to perform their intended tasks. This helps minimize the potential impact of compromised credentials or accidental misuse.

After providing the required details, review your selections on the "Review" page.

Click on the "Create user" button to create the IAM user.

To log in for the first time to an IAM (Identity and Access Management) user account, follow these steps:

Access the AWS Management Console: Open a web browser and go to the AWS Management Console login page.

Enter your account ID or account alias: Provide the account ID or account alias associated with your IAM user account. This information is typically provided to you by the AWS account administrator.

Enter the IAM user name: Input the IAM user name provided to you by the AWS account administrator. It uniquely identifies your user account within the AWS account.

Enter your password: Type in the password associated with your IAM user account. This is usually set by the AWS account administrator or during the user creation process.

Complete the login process: Click on the "Sign In" or "Login" button to finalize the login process.

Once you have successfully logged in, you'll gain access to the AWS Management Console and be able to utilize the services and resources available to your IAM user account, according to the permissions granted to you by the account administrator.

To set up Multi-Factor Authentication (MFA) for your own AWS IAM account, you can follow these step-by-step instructions:

Step 1 → Sign in to the AWS Management Console: Go to the AWS Management Console. Enter your AWS account credentials and sign in.

Step 2 → Access the IAM service: Once you're logged in, search for "IAM" in the AWS Management Console search bar. Click on the "IAM" service to access the IAM dashboard.

Step 3 → Navigate to your IAM dashboard: In the IAM dashboard, go to Users, click on your account name, and select "My Security Credentials."

Step 4 → Enable MFA for your IAM account: On the "My Security Credentials" page, scroll down to the "Multi-Factor Authentication (MFA)" section. Click on "Assign MFA device".

Step 5 → Choose the MFA device:

Step 6 → Configure the virtual MFA device: On the next screen, you will see a QR code or a secret key. Use a mobile authenticator app like Google Authenticator to scan the QR code or manually enter the secret key. This will link your virtual MFA device to your IAM account.

Step 7 → Verify MFA setup: After configuring the virtual MFA device, the authenticator app will generate a 6-digit code. Enter the current code into the "MFA code 1" field on the AWS console. Click on the "Assign MFA" button to complete the setup.

Step 8 → Test MFA: To ensure that MFA is working correctly, sign out of the AWS Management Console. Sign in again using your AWS account credentials. You will be prompted to enter the MFA code from your authenticator app.

Enter the code generated by your virtual MFA device. If the code is correct, you will be successfully logged in.

That's it! You have now set up MFA for your own IAM account in AWS. This provides an additional layer of security to help protect your account.
