devops-exercises/topics/aws/exercises/create_user/solution.md

60 lines
1.6 KiB
Markdown
Raw Permalink Normal View History

2021-11-07 16:54:06 +01:00
## IAM AWS - Create a User
### Objectives
As you probably know at this point, it's not recommended to work with the root account in AWS. For this reason you are going to create a new account which you'll use regularly as the admin account.
1. Create a user with password credentials
2. Add the newly created user to a group called "admin" and attach to it the policy called "Administrator Access"
3. Make sure the user has a tag called with the key `Role` and the value `DevOps`
### Solution
1. Go to the AWS IAM service
2. Click on "Users" in the right side menu (right under "Access Management")
3. Click on the button "Add users"
4. Insert the user name (e.g. mario)
5. Select the credential type: "Password"
6. Set console password to custom and click on "Next"
7. Click on "Add user to group"
8. Insert "admin" as group name
9. Check the "AdministratorAccess" policy and click on "Create group"
10. Click on "Next: Tags"
11. Add a tag with the key `Role` and the value `DevOps`
12. Click on "Review" and then create on "Create user"
13. ### Solution using Terraform
```
resource "aws_iam_group_membership" "team" {
name = "tf-testing-group-membership"
users = [
aws_iam_user.newuser.name,
]
group = aws_iam_group.admin.name
}
resource "aws_iam_group_policy_attachment" "test-attach" {
group = aws_iam_group.admin.name
policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
}
resource "aws_iam_group" "admin" {
name = "admin"
}
resource "aws_iam_user" "newuser" {
name = "newuser"
path = "/system/"
tags = {
Role = "DevOps"
}
}
```