Creating IAM users

When you sign up with AWS, you get a root account. A root account is a very powerful account and its use should be avoided for your day-to-day operations. For security reasons, you can create individual IAM users to manage identity and permissions for AWS resources. You can create users using the PowerShell cmdlet provided, you have rights to do so. Identify and Access Management is a global service and is identified as the IAM service. An IAM user is an entity that you create in AWS to represent the person, or the service that uses it to interact with AWS. A user in the AWS consists of a name and credentials. If you want to know all the cmdlets that are provided for an IAM service, you can use this:

PS C:\> Get-Command -Module AWSPowerShell.NetCore -Name "*-IAM*"

All the cmdlets in regard to this service will be listed. You can make use of the New-IAMUser cmdlet to add a user in your AWS account:

PS C:\> New-IAMUser -UserName Ramesh

This will create a user in your AWS account. All IAM users start with a non-explicit deny rule. Hence, a user that we created does not have permission.

Let's now move to the next section to understand IAM groups.