Create IAM Limited User
After creating a policy that limits maximum permissions, we will create an IAM user and apply that policy to the user as a permissions boundary.
1. Log in to the IAM Management Console.
2. In the left sidebar, select Users and then select Add user.
3. On the Set user details page, enter the following parameters and then select Next: Permissions:
   - User name: ec2-admin.
   - Access type: Select AWS Management Console access to allow the user to log in to the AWS Management Console.
   - Select Custom password and set a password of your choice.
   - Uncheck “User must create a new password at next sign-in”.
4. In the Set permissions section, do the following:
   - Select Attach existing policies directly to assign a policy directly to the IAM user.
   - Find and tick AmazonEC2FullAccess to give the IAM user EC2 admin rights.

   Then expand the Set permissions boundary section and:
   - Select Use a permissions boundary to control the maximum user permissions.
   - In the Search box, type “ec2-admin-restrict-region” to find and select the restriction policy we created.
   - Check your selections and select Next: Tags.
5. On the Add tags (optional) page, keep the defaults and select Next: Review.
6. On the Review page, double-check the settings and select Create user.
The user has now been created successfully. In the next step, we will log in as the newly created ec2-admin user to check whether that user can create EC2 instances in a Region other than the one we limited it to.

We will use this IAM user for the next step.
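
How the two attachments from step 4 combine, as an added example that is not part of the original workshop: a simplified Python model in which a request succeeds only when both the identity policy and the permissions boundary allow it. The boundary's content and the Region `us-east-1` are assumptions (the real ec2-admin-restrict-region document is created in the previous step and is not shown on this page), and the AmazonEC2FullAccess stand-in is abbreviated.

```python
from fnmatch import fnmatchcase

# Abbreviated stand-in for the AWS managed policy AmazonEC2FullAccess
# (assumption: only its broad Allow statement is modelled).
IDENTITY_POLICY = {"Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:*", "elasticloadbalancing:*", "cloudwatch:*", "autoscaling:*"]},
]}

# Assumed content of ec2-admin-restrict-region; the Region is a constructed value.
ALLOWED_REGION = "us-east-1"
BOUNDARY_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*",
     "Condition": {"StringEquals": {"aws:RequestedRegion": ALLOWED_REGION}}},
]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, context):
    """True if the statement covers the action and its StringEquals conditions hold."""
    patterns = [p.lower() for p in _as_list(stmt["Action"])]
    if not any(fnmatchcase(action.lower(), p) for p in patterns):
        return False
    for key, wanted in stmt.get("Condition", {}).get("StringEquals", {}).items():
        if context.get(key) not in _as_list(wanted):
            return False
    return True

def policy_decision(policy, action, context):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one policy document."""
    hits = [s["Effect"] for s in policy["Statement"] if _matches(s, action, context)]
    if "Deny" in hits:
        return "Deny"
    return "Allow" if "Allow" in hits else "ImplicitDeny"

def is_allowed(action, region):
    """Effective permission: the identity policy AND the boundary must both allow."""
    context = {"aws:RequestedRegion": region}
    return (policy_decision(IDENTITY_POLICY, action, context) == "Allow"
            and policy_decision(BOUNDARY_POLICY, action, context) == "Allow")

if __name__ == "__main__":
    for action, region in [("ec2:RunInstances", ALLOWED_REGION),
                           ("ec2:RunInstances", "eu-west-1"),
                           ("cloudwatch:GetMetricData", ALLOWED_REGION)]:
        print(action, region, "allowed" if is_allowed(action, region) else "denied")
```

Under the assumed boundary, the non-EC2 actions that AmazonEC2FullAccess grants are cut off as well, because the boundary allows only `ec2:*`.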