Adding more users to your EC2 instance with IAM

Amazon makes it easy to try out AWS with a free micro instance. As you start using it more, one of the first things you might want to do is let others have access to your instance. Using the IAM service, it’s easy to add more users and set up a management console address that’s not directly tied to your own Amazon account.

Go to your AWS Console (I’m assuming you’ve already set up an account). The screen at this point should have the message, ‘Sign In or Create an AWS Account’, and prompt you for your Amazon account username and password. Sign in.

At the AWS Management Console prompt, select ‘AWS Identity and Access Management (IAM)’. You should be at the IAM dashboard. 

At the bottom of the screen, under AWS Account Alias, notice the IAM User sign-in URL. We want to change that URL, which starts with a bunch of random numbers, to something easier to deal with. Think of an alias you want to use. We’re going to use ‘acme-app’.

This is only a URL for the AWS console. Your end-users won’t see it, so it’s not a huge deal. Click the ‘Create Account Alias’ button at the bottom and enter your alias, e.g. ‘acme-app’. The URL for the console then becomes ‘’. You can go back later and change it if you want.

Next click the big ‘Create a new group of users’ button.

We’ll just do an admin group, but there are a lot of different authorization settings you can use. Type in a group name of ‘admin’. On the next screen, ‘Permissions’, click the ‘Administrator Access’ select button. Just hit ‘Continue’ through the edit permissions screen.

On the users screen, create user ids for all your admins.

On the next screen there is a ‘Download credentials’ link. Download it somewhere you won’t forget.

To set initial passwords for your users, click the users link under IAM Resources. Then go to the Security Credentials tab below, and click ‘Manage Password’. Assign or auto-generate a password.

Your users will also need their access key ID and secret access key from the credentials.csv you downloaded in order to connect to AWS through API calls, i.e. from the command line.

And that’s it! Other users can now get to your instance. If they go to the URL you defined, they should see ‘AWS Account acme-app’, rather than the initial basic AWS screen we noted above, and only the user accounts you defined for it will be valid.

The owner of the account will always be able to get into the console with either a user account defined for the new URL, or their normal Amazon logon. If you’re on the new app-specific login screen but want to use your AWS account instead, click the ‘Sign in using AWS Account credentials’ link.
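The console steps above can also be scripted with the AWS CLI. The following is an added example, not part of the original walkthrough: the names `run`, `provision_admins` and `DRY_RUN` are made up for it, and it assumes the `aws` CLI is installed and configured with credentials allowed to manage IAM, and that the generated password satisfies your account's password policy.

```shell
# Added example: the console steps above as AWS CLI calls.
# run, provision_admins and DRY_RUN are names made up for this sketch.

# Run an aws subcommand, or only print it when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf 'aws %s\n' "$*"
  else
    aws "$@"
  fi
}

# provision_admins ALIAS USER [USER...]
provision_admins() {
  if [ "$#" -lt 2 ]; then
    echo "usage: provision_admins ALIAS USER [USER...]" >&2
    return 2
  fi
  pa_alias=$1
  shift

  # Account alias for the IAM user sign-in URL.
  run iam create-account-alias --account-alias "$pa_alias" || return 1

  # 'admin' group carrying the AWS-managed AdministratorAccess policy.
  run iam create-group --group-name admin || return 1
  run iam attach-group-policy --group-name admin \
    --policy-arn arn:aws:iam::aws:policy/AdministratorAccess || return 1

  for pa_user in "$@"; do
    run iam create-user --user-name "$pa_user" || return 1
    run iam add-user-to-group --group-name admin --user-name "$pa_user" || return 1

    # Temporary console password; the user must replace it at first sign-in.
    if [ "${DRY_RUN:-0}" = "1" ]; then
      pa_pw='<generated>'
    else
      pa_pw=$(head -c 18 /dev/urandom | base64)
      printf 'temporary password for %s: %s\n' "$pa_user" "$pa_pw" >&2
    fi
    run iam create-login-profile --user-name "$pa_user" \
      --password "$pa_pw" --password-reset-required || return 1

    # Access key for API/CLI use; the secret is shown only in this output.
    run iam create-access-key --user-name "$pa_user" || return 1
  done
}
```

Run `DRY_RUN=1 provision_admins acme-app alice bob` first to review the commands. In a real run the temporary passwords go to stderr and the access keys to stdout, so capture both somewhere as protected as the credentials.csv download.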

