How to give access to AWS account for freelancers/developers as a business owner (with screenshots) — GoGoSoon

Codewithsooners
4 min read · Nov 29, 2022

Hi Everybody,

Today we are going to see how to give freelancers/developers permission to access an AWS account.

Let’s start with an example. As a business owner, you created a new AWS account. Consider you have two developers named Michael and John. Both Michael and John request AWS permission to host a website. Typically, what you will do is share your email and password with them. This is wrong!

Why should you not share the root user email and password with others?

Reason #1: You will not know who did what

Consider an example: someone created an EC2 instance for testing and, by mistake, left it running for a month. At the month’s end, you got a surprise bill of $51 for EC2 usage.

How will you find out who created the instance? Since you have shared your email and password, the logs will show your name, not the person who created the instance.

Reason #2: You cannot restrict certain people from doing a certain activity

In your team, consider that Michael is an experienced developer and John is a junior developer. You do not want John to access some parts of your AWS account, but since you have shared your account, you cannot restrict John from performing specific actions.

Reason #3: You will not be able to revoke certain people’s permission

You found out that John was leaking critical information to your competitor, and you fired him. But he still knows your AWS account email and password, and with that, he can access all your company data.

Don’t panic, we can solve all of these problems with an AWS service called “IAM”.

What is IAM?

AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

How to create IAM accounts for your developers or freelancers

Step 1: Log into your AWS console

Step 2: Once you have logged in, search for IAM

Step 3: In the left side panel, click on Users

Step 4: Click on Add users. Enter the username, and select the AWS access type based on your need. If you want to provide programmatic access, select Access key; if you are going to provide only console access, select Password

Step 5: Review the user details and click Create user

How to provide access for IAM users

Step 1: In the IAM dashboard, select Users and select the user you want to provide access to

Step 2: In the Permissions tab, click on “Add Permission”

Step 3: Attach permissions based on your need. For example, if you want to provide EC2 full access, search for “EC2” and select AmazonEC2FullAccess. Click on Review and click Add permission

How to view IAM user logs

Step 1: Search for “CloudTrail” in the search bar.

Step 2: Select the region where the service was created. For example, if you want to view who created the EC2 instance in the us-west-1 region, then you should select the us-west-1 region in the CloudTrail dashboard too.

Step 3: Now, in the left side panel, click on Event history. You can view all the IAM logs there. For example, if you want to view user John’s activities, select User name in the Lookup attributes and enter the username. You can then view all of John’s activities.
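The same "who created the instance?" question from Reason #1 can be answered from exported CloudTrail records. The script below is an added example, not part of the original post: it runs over constructed sample records (field names follow the CloudTrail record format; the instance IDs and account number are made up) and shows that a launch made with the shared root login cannot be tied to a person, while IAM user launches can.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of CloudTrail records (not real account data).
SAMPLE_EVENTS = json.loads("""
{"Records": [
  {"eventTime": "2022-11-01T09:12:44Z", "eventSource": "ec2.amazonaws.com",
   "eventName": "RunInstances", "awsRegion": "us-west-1",
   "userIdentity": {"type": "IAMUser", "userName": "John"},
   "responseElements": {"instancesSet": {"items": [{"instanceId": "i-0aaa111example"}]}}},
  {"eventTime": "2022-11-02T14:03:10Z", "eventSource": "ec2.amazonaws.com",
   "eventName": "RunInstances", "awsRegion": "us-west-1",
   "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
   "responseElements": {"instancesSet": {"items": [{"instanceId": "i-0bbb222example"}]}}},
  {"eventTime": "2022-11-03T08:00:00Z", "eventSource": "ec2.amazonaws.com",
   "eventName": "RunInstances", "awsRegion": "us-west-1",
   "userIdentity": {"type": "IAMUser", "userName": "Michael"},
   "errorCode": "Client.UnauthorizedOperation", "responseElements": null},
  {"eventTime": "2022-11-03T08:05:00Z", "eventSource": "ec2.amazonaws.com",
   "eventName": "DescribeInstances", "awsRegion": "us-west-1",
   "userIdentity": {"type": "IAMUser", "userName": "Michael"},
   "responseElements": null}
]}
""")["Records"]


def actor(identity):
    """Label who made the call; a root event identifies the account, not a person."""
    if identity.get("type") == "Root":
        return "ROOT (shared login, person unknown)"
    return identity.get("userName") or identity.get("arn", "unknown")


def instance_launches(records, region):
    """Map each actor to the instance IDs they successfully launched in region."""
    launched = defaultdict(list)
    for rec in records:
        if rec.get("eventName") != "RunInstances" or rec.get("awsRegion") != region:
            continue
        if rec.get("errorCode"):  # denied or failed call: nothing was created
            continue
        items = ((rec.get("responseElements") or {}).get("instancesSet") or {}).get("items", [])
        launched[actor(rec["userIdentity"])].extend(i["instanceId"] for i in items)
    return dict(launched)


if __name__ == "__main__":
    for who, ids in instance_launches(SAMPLE_EVENTS, "us-west-1").items():
        print(f"{who}: {', '.join(ids)}")
```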

How to delete an IAM user

Step 1: Simply click on the search bar and type IAM

Step 2: In the IAM dashboard, click on Users in the left sidebar

Step 3: Now select the user you want to delete and click on Delete in the top right corner.

In this blog post, we learned about IAM. For more exciting blogs related to AWS subscribe to our newsletter!

Thank you for reading

If you would like to know more by watching a video, I have created a video for you.

Originally published at https://www.gogosoon.com on November 29, 2022.
