we will complete our setup of I am.
We will create I am user accounts.
We will create a group to assign permissions.
We will create and apply
and I am password policy
from the AWS console. We will type. I am into the search bar toe Open the identity and Accidents Management dashboard.
As you can see, we still have three tasks remaining to be completed.
We will need to create I am users.
We will need to create a group to assign our users too.
And then we will need to assign a password policy to our users.
So let's begin with the task of creating our first user,
and here I'll put in my user name of Shawn.
Next, I will give myself a W s management Council access
for my password. I can either have A W s auto generated password for me or provide my own custom password. I'll provide my own
by default. A W s will require a new user to reset their pastor when they sign in for the first time. But since this is a demonstration, I will uncheck that box
on the next screen. were presented with three options on how to assign permissions to our user.
We can assign the user to a group
or copy permissions from an existing user.
We'll attach policies directly.
Let's create a group first
on the group create screen.
We first want to give our group name.
the group formerly known his route,
and I will sign my group administrator Access,
which will provide my members of the group Full access to AWS service is
Then we will click Create Group to make it official.
Now we see that our new group has been created.
Next, I will review the user that I created
nothing complicated here. This just confirms that I created a user named Sean.
Sean has access to the AWS Management Council,
and Shaw will need to supply the custom password that he created when he logs in
showings accesses administrator.
Next we move on to the confirmation.
Basically, this confirms that the creation of the new user account was successful.
It also provides us with a sign and link
that is different than the sign and link that's used for a root account.
We create a new user this is the link that you would send them by email to sign
into their AWS user account.
They can also click the down low C S V button that will contain their user credentials.
So now let's create a second user
noticed that A. W S warns me that a user named Sean already exists, So the next username will need to be unique.
So let's give this user name
Since he Shawn's friend, let's give him the same permissions. Permissions is Shawn
and create a custom password for him.
So now that the second user account is created,
we can add it to the administrators group.
the new user that we created
that looks good. So then we move on to the confirmation page.
Then we click the small down arrow to see the policy that has assigned to the user friend of Sean.
If you notice we made it part of the policy that this user will need to change his credentials upon first log in
Next we returned to the user screen
and we could see our two users.
We still have not added any of the users to the Administrators group yet. So let's do that. Now
we click on Friend of Sean,
select the group's tab
quick at users to the group.
At this time, we have only created one group, so we click that one,
and now we have added this user to the administrator account.
Next we will go to account settings.
This is where we create our pastoral policy
for our AWS user accounts.
We can get as granular is a quiet by our business security policy.
By default, users are permitted to change their own password.
We will just create a policy where passers expire after 90 days
and that it with a password expires.
Then the user will need to contact the administrator to have it reset.
Then we just apply the password policy.
Next, we returned to our user screen because I forgot to add the user showing to the administrators group.
So, just like before,
we click on the user name that we want to perform the action upon,
that will be adding the user too,
and we see that the administrative group now contains two users.
we clicked back on the I am dashboard
and you will see that we have created all task to properly set up. I am.
How do we access I am?
We can access I am by logging into the AWS console and typing I am to pull up the I Am dashboard.
Do you have to manage each user one by one, or can I sign users to groups
from administrative perspective, it's best practice to assign users to groups based on their job requirements.
Once I create a new user,
how can I get their user credentials to them?
So once you create a U user account, you can send the user credentials by email straight from the AWS Consul.
we completed setup of I Am
We created I am user accounts.
We created a group and assigned permissions
and we created and apply and I am password policy.