Creating an IAM user

First, you will need to create an IAM user with the appropriate permissions needed to do the lab if you do not have one already. AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. It is highly recommended that you do not use the default root user of your AWS account and instead provision your own IAM user for security purposes.

  • Sign into your AWS account and go to the IAM landing page by clicking Services > IAM or by clicking this quick link.

  • Click Users on the left-hand navigation pane and then select Add user.

  • Give your user a user name and enable AWS Management Console access so that you can give your user the ability to sign-in to the AWS Management console. You can optionally choose to enable Programmatic access so that you can download an access key and secret access key to use the AWS Command Line Interface (CLI). It is not needed for this lab, but it is a good tool to use.

  • Select Next: Permissions and choose Attach existing policies directly. Choose the AdministratorAccess policy to add to your user.

SECURITY DISCLAIMER: Here, you are adding full administrator access for simplicity of lab purposes. However, it is best practices that with IAM you assign fine-grained permissions to AWS services and to your resources. If you want to make your permissions more fine-grained and not use admin permissions, you can add permissions for only the services that will be used in this lab, including Cognito, API Gateway, Lambda, S3, Kinesis, Glue, Athena, QuickSight, and CloudWatch.

  • Select Next: Tags, Next: Review and finally Create user.

  • You can Download .csv to download and save your access key ID and secret access key for use later when setting up the CLI optionally - again, this is not needed for this lab but it is a good tool to use in the future when working with AWS if you prefer to work from the command line.

  • Sign into the AWS Management Console with the IAM credentials you just created.

You are done setting up the prerequisites needed for this lab.