IAM Dev User

To create a new IAM user called “awsdev” with full EC2 and AWS Secrets Manager access using the AWS Management Console, follow these steps. (The wizard is described as it was laid out when this page was written; the current console asks about console access at creation time and issues access keys afterwards from the user’s “Security credentials” tab, but the user, policies and credentials you end up with are the same.)

  1. Open the IAM console: https://console.aws.amazon.com/iam/
  2. In the navigation pane, click on “Users”.
  3. Click on “Add user”.
  4. Enter the user name as “awsdev”.
  5. Select “Programmatic access” and/or “AWS Management Console access” for the access type. Enable only what the user will actually use: programmatic access creates a long-lived access key, which is the credential most often leaked.
  6. Set a custom password or choose to auto-generate a password.
  7. Leave “Require password reset” checked unless you have a reason not to; it forces the user to replace the password you handed over on first login, so nobody but the user ever knows the working password. Uncheck it only if you don’t want to enforce a password change on the first login.
  8. Click on “Next: Permissions”.
  9. Click on “Attach existing policies directly”.
  10. In the search box, enter “EC2FullAccess” and select the “AmazonEC2FullAccess” policy.
  11. In the search box, enter “SecretsManager” and select the “SecretsManagerReadWrite” policy. (There is no managed policy named “SecretsManagerFullAccess”; “SecretsManagerReadWrite” is the one that grants secretsmanager:*.)
  12. Click on “Next: Tags”.
  13. Add any tags for the user if needed (Optional).
  14. Click on “Next: Review”.
  15. Review the user details and click on “Create user”.
  16. On the success screen, you will see the user’s access key ID and secret access key. Download or copy the credentials into a secrets store straight away: the secret access key is shown only this once and cannot be retrieved later. Never paste it into source code, tickets or chat, and rotate the key on a schedule (or delete it once the user moves to role assumption).
  17. Click on “Close”.

The “awsdev” IAM user will now be created with full access to EC2 and AWS Secrets Manager.
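The console steps above map one-to-one onto IAM API calls, which is how you would provision the same user repeatably. The following is example code added to this page (not AWS code and not from the original page) that creates the user, attaches the two managed policies, enables console access with a forced password reset and issues one access key. The `iam` argument is any object exposing boto3’s IAM client methods; the `DryRunIAM` stand-in, the tag, the placeholder key ID and the password alphabet are assumptions made for the example so it runs offline.

```python
import json
import secrets
import string

# AWS managed policies attached in steps 10 and 11 (ARNs as published by AWS).
MANAGED_POLICY_ARNS = [
    "arn:aws:iam::aws:policy/AmazonEC2FullAccess",
    "arn:aws:iam::aws:policy/SecretsManagerReadWrite",
]

SYMBOLS = "!@#$%^&*()-_=+"  # assumed symbol set for generated passwords


def generate_password(length=20):
    """Random console password with at least one lower, upper, digit and symbol
    (satisfies the default IAM account password policy)."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(c in SYMBOLS for c in pw)):
            return pw


def create_dev_user(iam, user_name="awsdev", policy_arns=MANAGED_POLICY_ARNS,
                    console_access=True, programmatic_access=True):
    """Create the user, attach the policies, then enable only the access types
    requested. `iam` is a boto3 IAM client or anything with the same methods."""
    iam.create_user(UserName=user_name)
    for arn in policy_arns:
        iam.attach_user_policy(UserName=user_name, PolicyArn=arn)
    result = {"UserName": user_name, "AttachedPolicies": list(policy_arns)}
    if console_access:
        password = generate_password()
        # PasswordResetRequired=True is the API equivalent of the console's
        # "Require password reset": the handed-over password dies on first login.
        iam.create_login_profile(UserName=user_name, Password=password,
                                 PasswordResetRequired=True)
        result["TemporaryPassword"] = password
    if programmatic_access:
        key = iam.create_access_key(UserName=user_name)["AccessKey"]
        # The secret is returned exactly once; hand it to a secrets store,
        # never log it.
        result["AccessKeyId"] = key["AccessKeyId"]
        result["SecretAccessKey"] = key["SecretAccessKey"]
    return result


class DryRunIAM:
    """Offline stand-in for boto3's IAM client (constructed for this example):
    records the calls made and returns the response shapes boto3 returns."""

    def __init__(self):
        self.calls = []

    def create_user(self, **kw):
        self.calls.append(("create_user", kw))
        return {"User": {"UserName": kw["UserName"]}}

    def attach_user_policy(self, **kw):
        self.calls.append(("attach_user_policy", kw))
        return {}

    def create_login_profile(self, **kw):
        self.calls.append(("create_login_profile", kw))
        return {"LoginProfile": {"UserName": kw["UserName"]}}

    def create_access_key(self, **kw):
        self.calls.append(("create_access_key", kw))
        return {"AccessKey": {"UserName": kw["UserName"],
                              "AccessKeyId": "AKIAEXAMPLE000000001",  # placeholder
                              "SecretAccessKey": "dryrun-secret-not-a-real-key"}}


if __name__ == "__main__":
    # Swap DryRunIAM() for boto3.client("iam") to run against a real account.
    iam = DryRunIAM()
    out = create_dev_user(iam)
    print(json.dumps(out, indent=2))
    print([name for name, _ in iam.calls])
```

Calling `create_dev_user(iam, programmatic_access=False)` gives a console-only user with no access key at all, which is the right default whenever the developer does not actually need the CLI or SDKs.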

Custom IAM Policy

Alternatively, if you want to create a custom IAM policy for the user, you can follow these steps:

  1. Open the IAM console: https://console.aws.amazon.com/iam/
  2. In the navigation pane, click on “Policies”.
  3. Click on “Create Policy”.
  4. Select the “JSON” tab and paste the following JSON policy into the editor:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:*"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "secretsmanager:*"
            ],
            "Resource": "*"
        }
    ]
}
  5. Click on “Review policy”.
  6. Give the policy a name (e.g., “IAMDevUserPolicy”) and an optional description.
  7. Click on “Create policy”.
  8. Follow steps 1-17 of the previous list to create the “awsdev” IAM user, but in steps 10 and 11, instead of selecting the “AmazonEC2FullAccess” and “SecretsManagerReadWrite” policies, search for and select the custom policy you just created (e.g., “IAMDevUserPolicy”).

The “awsdev” IAM user will now be created with the custom policy attached, granting full access to EC2 and AWS Secrets Manager.

Pre-defined vs Custom IAM Policy

A custom IAM policy is the tool for precise control over what the user can do, because you choose the actions, the resource ARNs and the conditions yourself; AWS managed policies such as AmazonEC2FullAccess and SecretsManagerReadWrite also bundle permissions on adjacent services (Auto Scaling, Elastic Load Balancing and CloudWatch in the EC2 case) that the user may not need. Note, however, that the policy above does not yet deliver least privilege: “ec2:*” and “secretsmanager:*” on “Resource”: “*” with no condition is every EC2 and Secrets Manager action on every resource in the account, which is exactly what the managed policies grant for those two services. To actually narrow it, list the specific actions the user runs, restrict the Secrets Manager statement to the ARN prefix of the secrets the user owns, and attach a tag condition (for example on aws:ResourceTag) to the EC2 actions that support resource-level permissions.
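To make the difference concrete, here is example code added to this page (not from the original page or from AWS) that puts the custom policy from the “Custom IAM Policy” section next to a scoped-down variant and runs a small audit over both. The audit flags any Allow statement that grants a whole-service wildcard (“*” or “service:*”) on every resource with no condition, which is the pattern that makes both the custom policy above and the managed policies “full access”. The account ID, region, secret name prefix and the Owner tag in the scoped policy are placeholders chosen for the example.

```python
import json

# The page's custom policy: every action of both services on every resource.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:*"], "Resource": "*"},
        {"Effect": "Allow", "Action": ["secretsmanager:*"], "Resource": "*"},
    ],
}

# Placeholders for the scoped variant; substitute your own account and region.
ACCOUNT_ID = "123456789012"
REGION = "us-east-1"

# Same two services, narrowed to the actions a developer actually runs, to
# secrets under the "awsdev/" name prefix, and to instances tagged Owner=awsdev.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            # EC2 Describe* calls do not support resource-level permissions,
            # so Resource "*" is unavoidable here; the actions are read-only.
            "Sid": "DescribeEc2",
            "Effect": "Allow",
            "Action": ["ec2:DescribeInstances", "ec2:DescribeInstanceStatus",
                       "ec2:DescribeImages", "ec2:DescribeSecurityGroups"],
            "Resource": "*",
        },
        {
            "Sid": "ManageOwnInstances",
            "Effect": "Allow",
            "Action": ["ec2:StartInstances", "ec2:StopInstances", "ec2:RebootInstances"],
            "Resource": f"arn:aws:ec2:{REGION}:{ACCOUNT_ID}:instance/*",
            "Condition": {"StringEquals": {"aws:ResourceTag/Owner": "awsdev"}},
        },
        {
            "Sid": "DevSecretsOnly",
            "Effect": "Allow",
            "Action": ["secretsmanager:DescribeSecret", "secretsmanager:GetSecretValue",
                       "secretsmanager:CreateSecret", "secretsmanager:PutSecretValue"],
            "Resource": f"arn:aws:secretsmanager:{REGION}:{ACCOUNT_ID}:secret:awsdev/*",
        },
    ],
}


def _as_list(value):
    """IAM lets Statement, Action and Resource be a single value or a list."""
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return one finding per Allow statement that grants a whole-service
    wildcard ("*" or "svc:*") on Resource "*" without any Condition."""
    findings = []
    for index, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow" or "Condition" in stmt:
            continue
        if "*" not in _as_list(stmt.get("Resource", [])):
            continue
        for action in _as_list(stmt.get("Action", [])):
            _service, _sep, verb = action.partition(":")
            if action == "*" or verb == "*":
                findings.append({
                    "statement": stmt.get("Sid", f"#{index}"),
                    "action": action,
                    "problem": "all actions on all resources, no condition",
                })
    return findings


if __name__ == "__main__":
    for name, policy in (("page policy", PAGE_POLICY), ("scoped policy", SCOPED_POLICY)):
        print(name, json.dumps(audit_policy(policy), indent=2))
    # Paste json.dumps(SCOPED_POLICY, indent=4) into the JSON tab in step 4.
```

The audit is deliberately narrow: it catches only the unconditioned wildcard grants, not every over-broad statement (a long list of mutating actions on “*” would pass it), so treat an empty result as “nothing obviously wrong” rather than as proof of least privilege. The scoped policy is a starting point; add or remove actions from CloudTrail evidence of what the user really calls.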