Tomasz Łakomy: 0:00 Start by logging into your AWS account with your root user. Next up, go to Services and search for IAM, which stands for Identity and Access Management. Click on that in order to get to the service. Next, in the Identity and Access Management dashboard click on Users in order to start creating an admin user.
0:16 Next up, click on Add user, and we're going to start creating our admin user. First up, user name, I'm going to call it admin-user. Next, we have to specify the AWS Access type. Is it going to be a programmatic access? What that means is that this user will be able to use the command line interface in order to access the AWS API, CLI, SDK, and other development tools.
0:37 I'm going to select that. I'm also going to select AWS Management Console Access. What that means is that this user will be able to log in to AWS Console the same way that we are logged in right now.
0:46 Next, we have to specify the password for this user, whether it's going to be an auto-generated password, or a custom one. We also have to specify whether we are going to require the password reset the next time this user is going to log in to AWS.
0:58 I'm going to create a custom password. We can click over here in order to see the password. For the record, I will be deleting this user as soon as I finish recording this lesson. Next up, click on permissions. Right now, we can see that on this account, I don't have any groups. In order to create an admin user, we have to create a group for admin users and afterwards add this user to it.
1:14 I'm going to click on Create group, specify a group name. I'm going to call it AdminUsers. In order for those admin users to have administrator access, we have to attach a proper policy to this group. There are multiple policies that were already created by AWS for us.
1:28 First up, over here, we can see the Policy name, which is AdministratorAccess. If I expand that, we are going to be able to see the Policy summary. We have this Statement, which is specified as a JSON, and it's basically saying that admin users are allowed to take any action on any resource. This is exactly what we want right now. I'm going to go over here and attach this policy to this group.
1:50 Also, there are multiple other policies. For instance, if I search for API, I can see a policy for AmazonAPIGatewayAdministrator, which has slightly different policies. This policy allows taking any action on apigateway on any apigateway resource.
2:07 Nevertheless, we are only interested in AdministratorAccess right now, because we would like those users to be able to do anything that is necessary in this AWS account.
2:16 Next up, I'm going to click on Create Group. Now our group has been created and this user has been added to it.
2:20 Next up, click on Tags. Tags are completely optional. They are key-value pairs that you can add to your users. For instance, you can specify their email address, also a job title, or something like that. You can use them in order to organize, track, or control access of the user. We are not that organized, and I'm just going to skip it and click on Review.
2:38 In the Review section, we are going to see that we are about to create an admin-user, which is going to have Programmatic access and AWS Management Console access, which is exactly what we want. They are also going to be added to the group AdminUsers that we just created. Click on Create User in order to create this user.
2:52 This part is important. We just specified that this user should have programmatic access to AWS resources. By programmatic access, what we mean is that this user is going to have an Access key ID and Secret access key.
3:03 This is highly important to remember, because this is the only time we are going to be able to see the secret access key. Do not share this key with anyone. I am showing this for the purpose of teaching you how to do that, and I will be deleting this user as soon as I finish recording this lesson.
3:17 You can also click over here in order to download a CSV file containing both access key ID and secret access key. Now we're prepared to configure our programmatic access in AWS CLI. Let us jump to our terminal.
3:27 In order to do that, you have to have AWS Command Line Interface tools installed. You can verify that by running aws --version. I have those installed. If you don't, there is a link in the description of this video showing how to do that, because there are different steps to be taken on Linux, macOS, and Windows.
3:43 Next, I run aws configure in order to configure our programmatic access to AWS. It's going to ask us for the AWS access key ID. Luckily, we do have that over here, so let me just copy, paste that. Next up, secret access key. Again, this is the only time that we are able to access the secret access key, so let me copy and paste that over here.
4:01 Default region name, I'm based in Europe, so I'm going to set eu-central-1. A small tip, if you don't remember the name of the region, you can always go over here and click on this drop-down in order to see the names of different AWS regions. Lastly, the default output format. I'm going to leave it as default.
4:16 Right now, our AWS CLI has been configured. We can verify that. Let me clear this terminal. For instance, you can run aws s3 ls, which is going to list every single S3 bucket I have in this account. You can also cat ~/.aws/credentials in order to see your credentials, which again, you are not supposed to share with anyone.
4:36 That is why I'm going to go over here to IAM dashboard once more, click on users, select this user, and click on delete the user, so that nobody is going to be able to use those keys in order to do something weird with my AWS account. Click on Yes, delete, because I would like to delete this user, and this user doesn't exist anymore.