How to Create a IAM user on AWS account using shell script

Are you using correct credentials and right permissions to login to AWS account ? It is very important from a security point of view to grant right permissions to users and identities which access AWS account. To solve access issue AWS has a very crucial service know as AWS IAM that is Identity and access management.

In this tutorial we will go through through what is AWS IAM that is Identity and access management and what is IAM user ? Also we will go through a shell script which will create IAM user from windows machine in AWS account.

Table of Content

  1. What is Shell script ?
  2. What is AWS IAM?
  3. What is AWS IAM user ?
  4. Prerequisites
  5. Install AWS CLI Version 2 on windows machine
  6. How to launch or create AWS IAM user in Amazon account using shell script
  7. Conclusion

What is Shell Scripting or Bash Scripting?

Shell Script is simply a text of file with various or lists of commands that are executed even on terminal or shell one by one. But in order to make thing little easier and run together as a group and in quick time we write them in single file and run it.

Main tasks which are performed by shell scripts are : file manipulation , printing text , program execution. We can include various environmental variables in script that can be used at multiple places , run programs and perform various activities are known as wrapper scripts.

A good shell script will have comments, preceded by a pound sign or hash mark, #, describing the steps. Also we can include conditions or pipe some commands to make more creative scripts.

When we execute a shell script, or function, a command interpreter goes through the ASCII text line-by-line, loop-by-loop, test-by-test, and executes each statement as each line is reached from the top to the bottom.

What is AWS IAM ?

AWS IAM stands for Amazon Managed service Identity and access management service . This is a Amazons of the most important service that helps to control who can access AWS account and what resources in AWS account can be accessed.

When you create AWS account , you have control on entire AWS account that is you have access to everything in the account and this user is known as root user. The Root user can login to AWS account using email address and password.

There are some basic terms which one must know before using IAM service.

  • Resources: Resources are objects that are stored in IAM such as user, role, policy , group and identity provider.
  • Entities: Entities are those objects which can authenticate on AWS account such as root user, IAM user , federated user and assumed IAM roles.
  • Principals: Applications or person who uses entities and work with AWS services. For example Python AWS Boto3 or any person such as Robert.
  • Identities: Identities are the objects which identifies themselves to other service such as IAM user “user1” has access to AWS Ec2 instance. This shows that user1 is showing its own identity that I have access to create ec2 instance . Examples of identity are group, users and role.

What is AWS IAM user?

As discussed earlier when you create AWS account , you have control on entire AWS account that is you have access to everything in the account and this user is known as root user . But this root user is a shared account with all privileges’ and it is not a recommended user to be used for any activity on AWS account.

Instead of using root user which is shared user we have IAM user identity which is an individual user and can have various permissions accordingly. Some user may have access to just EC2 some may have access to AWS S3 or AWS EC2 service or some user may have all permissions as root user.

How can you manually create IAM user in AWS account?

  • In order to create AWS IAM user you must have AWS account . If you don’t have AWS account please create from AWS account or AWS Account
  • Go to AWS console and search for IAM.
  • Click on users in IAM dashboard.
  • Click on Add user
  • Add the username , In case of Access type select both types and add a custom password. You can change this password later as well if you want and finally click on Next permissions
  • Click on Next permissions and choose Attach existing policies
  • For now skip tagging as this demo and finally click on create user
  • IAM user is created successfully . Now Save the Access key ID and Secret access key which is very important for further use.

Prerequisites

  1. AWS account to create AWS IAM user. If you don’t have AWS account please create from AWS account or AWS Account
  2. Windows 7 or plus edition where you will execute the shell script.
  3. Python must be installed on windows machine which will be required by AWS cli. If you want to install python on windows machine follow here
  4. You must have Git bash already installed on your windows machine. If you don’t have install from here
  5. Code editor for writing the shell script on windows machine. I would recommend to use visual studio code on windows machine. If you wish to install visual studio on windows machine please find steps here

In this demo , we will use shell script to launch AWS IAM user. So In order to use shell scripts from your local machine that is windows you will require AWS CLI installed and configured. So First lets install AWS CLI and then configure it.

Install AWS CLI Version 2 on windows machine

  • Download the installed for AWS CLI on windows machine from here
  • Select I accept the terms and then click next button
  • Do custom setup like location of installation and then click next button
  • Now you are ready to install the AWS CLI 2
  • Click finish and now verify the AWS cli
  • Verify the AWS version by going to command prompt and type
aws --version

Now AWS cli version 2 is successfully installed on windows machine, now its time to configure AWS credentials so that our shell script connects AWS account and execute commands.

  • Configure AWS Credentials by running the command on command prompt
aws configure
  • Enter the details such as AWS Access key , ID , region . You can skip the output format as default.
  • Check the location on your system C:\Users\YOUR_USER\.aws file to confirm the the AWS credentials
  • Now, you’re AWS credentials are configured successfully.

How to launch or create AWS IAM user in Amazon account using shell script

Now we have configured AWS cli on windows machine , its time to create our shell script to create AWS IAM user.

  • Create a folder on your desktop and under that create file create-iam-user.sh
#! /bin/bash
 

# To check if access key is setup in your system 

if ! grep -q aws_access_key_id ~/.aws/config; then      # grep -q  Turns off Writing to standard output
   if ! grep -q aws_access_key_id ~/.aws/credentials; then 
      echo "AWS config not found or CLI is not installed"
      exit 1
    fi 
fi


# read command will prompt you to enter the name of IAM user you wish to create 

read -r -p "Enter the username to create": username


# Using AWS CLI Command create IAM user 

aws iam create-user --user-name "${username}" --output json

# Here we are creating access and secret keys and then using query and storing the values in credentials

credentials=$(aws iam create-access-key --user-name "${username}" --query 'AccessKey.[AccessKeyId,SecretAccessKey]'  --output text)

# cut command formats the output with correct coloumn.

access_key_id=$(echo ${credentials} | cut -d " " -f 1)
secret_access_key=$(echo ${credentials} | cut --complement -d " " -f 1)

# echo command will print on the screen 

echo "The Username "${username}" has been created"
echo "The access key ID  of "${username}" is $access_key_id "
echo "The Secret access key of "${username}" is $secret_access_key "

  • Now open visual studio code and open the location of file create-iam-user.sh and choose terminal as Bash
  • Now run the script
./create-iam-user.sh
  • Script ran successfully , now lets verify the IAM user by going on AWS account.

Conclusion

In this tutorial, we demonstrated what is an IAM user  and learnt how to create AWS IAM user using shell script on AWS step by step. With IAM you get a individual access to AWS account and you can manage permissions accordingly.

Hope this tutorial will help you in understanding the shell script and provisioning the AWS IAM user on Amazon cloud. Please share with your friends

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s