How to manage AWS IAM users and policies

· Category: Cloud Computing

Short answer

AWS IAM manages who can access what in your AWS account through users, groups, roles, and policies.

Steps

  1. Create a user:
aws iam create-user --user-name alice
  1. Attach a managed policy:
aws iam attach-user-policy --user-name alice --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess
  1. Create a custom policy with least privilege.
  2. Use roles for cross-account access and EC2 instance profiles.

Tips

  • Enable MFA for the root account and privileged users.
  • Use IAM Access Analyzer to identify unintended resource access.
  • Rotate access keys regularly and prefer IAM roles where possible.

Common issues

  • Overly permissive policies violate least privilege.
  • Hardcoded credentials in code: use IAM roles or AWS Secrets Manager.