HOW TO USE AWS VIA CLI AND LOGIN WITH THE IAM & ROOT USER
In this blog, I will explain how we can access AWS services using the command-line interface (CLI).
First, download the required SDK file for Windows; click here.
Now double-click the MSI file and install it as shown:
After the installation is complete, go to the command prompt and try running:
aws --version
After a successful installation, you will get the SDK version as the output on the console screen.
Now go to your AWS dashboard, search for IAM, and in the IAM dashboard click on Users.
After this, click on Add User.
Give the username there:
As you can see, it now asks for the AWS access type. We can restrict a user to a certain access type: if the user does not want to use the CLI, we can give management console access only. This is helpful for those who are not from a programming background and only want to use a certain service in the cloud.
The other option is to provide programmatic access. Choosing this option generates an access key and a secret key, which are used to log in from the command-line interface.
I have checked both options so that I can show you both approaches and more.
Now click on the Give Permissions button; you will be redirected to a different page.
Here, click on Attach existing policies directly and search for the EC2fullAccess permissions.
We can attach different policies to our users based on the requirements. We can also create our own set of rules, or permissions, for more granular control over the user.
I will discuss roles and permissions further in my next blog, but in this blog I would like to skip this part for now.
Next, give tags to the user. This is an optional step, so add tags only if you want them.
I left this step blank. Now review the user permissions.
Click on Create user.
After the user has been created, you need to download the credentials file, as it contains the access key and secret key for the new user you have created.
I recommend that you don't share this file with anyone, because anyone who has it can use these credentials to log in to your account.
After downloading the CSV file, launch the command prompt and run aws configure.
Give the access key and secret key as prompted, and for the region use ap-south-1, which denotes the Mumbai region.
Now you can access your AWS account with limited access to use only the EC2 services.
Run aws ec2 describe-instances to check the number of instances running.
Now copy your Account ID as shown to log in as the IAM user.
On the login page, choose IAM user and first give the 12-digit Account ID, then the username and password.
As you can see, this dashboard is not opened using the root user; hence this user will have very limited power over the use of other services.
Now, what will happen if we use this account to create a bucket?
As you can see we can’t access any other services using this user. Similarly, we can give other permissions to this user according to the requirements.
Now, to get an access key and secret key for the root user, we need to go to the IAM dashboard and click on My Access Key as shown.
Now click on Create new AccessKey.
And download the csv file.
Again, to log in from the command prompt, use the aws configure command and give the access key and secret key there.
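A check worth running after either aws configure step above, as an added example that is not code from the original post: aws configure stores the keys in plaintext in the credentials file under .aws in the user's home directory, and aws sts get-caller-identity reports which principal they belong to. The script audits constructed samples of both and tells an IAM user apart from the root user, which no IAM policy limits; the account ID 123456789012, the name demo-user and the function names are assumptions.

```python
import configparser
import json
import re

# Constructed sample of the credentials file that "aws configure" writes
# under .aws in the user's home directory (AWS documentation example keys).
SAMPLE_CREDENTIALS = """\
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
"""

# Constructed "aws sts get-caller-identity" outputs (placeholder account and user).
SAMPLE_IDENTITIES = {
    "iam-user": '{"UserId": "AIDAEXAMPLEUSERID", "Account": "123456789012",'
                ' "Arn": "arn:aws:iam::123456789012:user/demo-user"}',
    "root": '{"UserId": "123456789012", "Account": "123456789012",'
            ' "Arn": "arn:aws:iam::123456789012:root"}',
}

def audit_credentials(text):
    """Return one finding per profile; the secret itself is never echoed."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    findings = []
    for profile in parser.sections():
        key_id = parser.get(profile, "aws_access_key_id", fallback="")
        if key_id.startswith("AKIA"):
            kind = "long-term"   # static key: valid until rotated or deleted
        elif key_id.startswith("ASIA"):
            kind = "temporary"   # STS session key: expires on its own
        else:
            kind = "unknown"
        has_secret = parser.has_option(profile, "aws_secret_access_key")
        findings.append({"profile": profile, "key_id": key_id,
                         "kind": kind, "has_secret": has_secret})
    return findings

def classify_principal(identity_json):
    """Return (account_id, principal_type) from get-caller-identity JSON."""
    arn = json.loads(identity_json)["Arn"]
    m = re.fullmatch(r"arn:aws[\w-]*:(?:iam|sts)::(\d{12}):(.+)", arn)
    if not m:
        raise ValueError(f"unrecognised ARN: {arn}")
    account, resource = m.groups()
    if resource == "root":
        return account, "root"
    return account, resource.split("/", 1)[0]  # user, assumed-role, ...

if __name__ == "__main__":
    for finding in audit_credentials(SAMPLE_CREDENTIALS):
        print(finding)
    for label, raw in SAMPLE_IDENTITIES.items():
        print(label, classify_principal(raw))
```

To use it on a real machine, pass the contents of your own credentials file to audit_credentials and the output of aws sts get-caller-identity to classify_principal.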
I hope this helps.