Amazon Identity and Access Management (IAM)

AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and set permissions to allow or deny them access to AWS resources.

Amazon resources:

- Introduction
- Manage Users
- Manage Permissions


Creating a new user on IAM (AWS console)

Please refer to Amazon documentation and the AWS console for details on how to create a new IAM user.


Using the IAM plugin on Linx

(Selected examples of IAM functions)

How to create a new user on IAM via Linx Designer

Creating a new user is a process that involves the following:


1. Create a user

Steps:

  1. Create a new Linx Solution (or open an existing Solution)

  2. Add the Amazon IAM plugin to the Solution

  3. Create a Process

  4. From the Amazon IAM plugin, add the CreateUser function to the process

  5. Enter the details of the Properties associated with the CreateUser function:

    a. AWS Credentials:
      These are the details of an existing user with the necessary access credentials and permissions to create a new user. Details to provide include:
      - Key: The access key ID of the existing user (the public half of the access key pair), generated when the access key pair was created
      - KeySecret: The secret access key of the existing user (the private half of the access key pair), generated when the access key pair was created
      - RegionEndpoint: The Amazon region associated with the user
      - UserAccountNumber: The account number of the AWS account to which both the existing user and the new user have access
      - UserName: The username of the existing user that is creating the new user

    b. Details of the new user:
      This is for the user being created:
      - User name


2. Create an Access Key for a user

Steps:

  1. From the Amazon IAM plugin, add the CreateAccessKey function to your process

  2. Enter the details of the Properties associated with the CreateAccessKey function:

    a. AWS Credentials of the user performing this function

    b. Username of the user for whom an access key is being created

Note:

  • There are three ways in which permissions can be assigned to a user:

    a. By adding the user to a group

    b. By copying permissions from an existing user

    c. By attaching existing policies directly to the user

  • The remaining steps in this section will describe the best-practice method, which is the first option: adding a user to a group.


3. Create a Group

Steps:

  1. From the Amazon IAM plugin, add the CreateGroup function to your process

  2. Enter the details of the Properties associated with the CreateGroup function:

    a. AWS Credentials of the user performing this function

    b. Group name of the group that is being created


4. Attach a Permission Policy to a Group

Steps:

  1. From the Amazon IAM plugin, add the AttachGroupPolicy function to your process
  2. Enter the details of the Properties associated with the AttachGroupPolicy function:

    a. AWS Credentials of the user performing this function

    b. Group name of the group to which the policy is being attached

    c. Policy ARN – the ARN of the policy you want to attach. (Policy ARNs can be viewed on the AWS console, or can be retrieved by using the ListPolicies function within Linx Designer.)


5. Add a User to a Group

Steps:

  1. From the Amazon IAM plugin, add the AddUserToGroup function to your process

  2. Enter the details of the Properties associated with the AddUserToGroup function:

    a. AWS Credentials of the user performing this function

    b. User name of the user being added to a group

    c. Group name of the group to which the user is being added
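
The AWS Credentials used in steps 1 to 5 belong to an existing user that needs permission for each function called. The following is an added example, not part of the Linx documentation: a least-privilege identity policy for that user, covering only the functions named on this page (CreateUser, CreateAccessKey, CreateGroup, AttachGroupPolicy, AddUserToGroup and ListPolicies). The account number 123456789012, the `linx-` name prefix for users and groups, and the single approved policy ARN are constructed placeholders to replace with your own values.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "CreateUsersAndAccessKeys",
      "Effect": "Allow",
      "Action": ["iam:CreateUser", "iam:CreateAccessKey"],
      "Resource": "arn:aws:iam::123456789012:user/linx-*"
    },
    {
      "Sid": "CreateGroupsAndAddMembers",
      "Effect": "Allow",
      "Action": ["iam:CreateGroup", "iam:AddUserToGroup"],
      "Resource": "arn:aws:iam::123456789012:group/linx-*"
    },
    {
      "Sid": "AttachOnlyApprovedPolicies",
      "Effect": "Allow",
      "Action": "iam:AttachGroupPolicy",
      "Resource": "arn:aws:iam::123456789012:group/linx-*",
      "Condition": {
        "ArnEquals": {
          "iam:PolicyARN": "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
        }
      }
    },
    {
      "Sid": "ListPoliciesForArnLookup",
      "Effect": "Allow",
      "Action": "iam:ListPolicies",
      "Resource": "*"
    }
  ]
}
```

The resource prefix limits CreateAccessKey to users created under this naming scheme, so the credentials stored in the Linx Solution cannot issue keys for other users in the account. The `iam:PolicyARN` condition limits AttachGroupPolicy to the approved policy, so the same credentials cannot grant a group broader permissions than intended.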