Shell

How to Create an IAM user on an AWS account using shell script

/ Sagar/Shanky / Leave a comment

Are you using the correct credentials and right permissions to log in to your AWS account? From a security point of view, it is essential to grant the right permissions to users and identities that access AWS accounts. That is where Identity and access management (AWS IAM) plays a vital role.

In this tutorial, you will learn how to create an IAM user on an AWS account using shell script step by step. Let’s get started.

Join 50 other followers

Table of Content

  1. What is Shell Scripting or Bash Scripting?
  2. What is AWS IAM or What is IAM in AWS ?
  3. AWS IAM Resources
  4. AWS IAM entities
  5. AWS IAM Principals
  6. AWS IAM Identities
  7. Prerequisites
  8. How to create IAM user in AWS manually
  9. How to create AWS IAM user using shell script in Amazon account
  10. Executing the Shell Script to Create AWS IAM user
  11. Verifying the Newly created IAM user in AWS
  12. Conclusion

What is Shell Scripting or Bash Scripting?

Shell Script is a text file containing lists of commands executed on the terminal or shell in one go in sequential order. Shell Script performs various important tasks such as file manipulation, printing text, program execution.

Shell script includes various environmental variables, comments, conditions, pipe commands, functions, etc., to make it more dynamic.

When you execute a shell script or function, a command interpreter goes through the ASCII text line-by-line, loop-by-loop, test-by-test, and executes each statement as each line is reached from top to bottom.

What is AWS IAM or What is IAM in AWS ?

AWS IAM stands for Amazon Managed service Identity and access management service that controls who can access AWS account and what resources in AWS account can be accessed.

When you create a new AWS account by default, you are the root user, have control over the entire AWS account, and can access everything. The Root user can log in to an AWS account using an email address and password you registered.

There are some important components in AWS IAM such as:

AWS IAM Resources

AWS IAM resources are the objects stored in IAM, such as user, role, policy, group, and identity provider.

AWS IAM Resources
AWS IAM Resources

AWS IAM entities

AWS IAM entities are those objects which can authenticate on AWS account, such as root user, IAM user, federated user, and assumed IAM roles.

AWS IAM entities
AWS IAM entities

AWS IAM Principals

AWS IAM Principals are the applications or users who use entities and work with AWS services. For example, Python AWS Boto3 or any person such as Robert.

AWS IAM Identities

AWS IAM Identities are the objects which identify themselves to another service such as IAM user “user1” accessing AWS EC2 instance. This shows that user1 shows its own identity that I have access to create an AWS EC2 instance. Examples of identity are group, users, and role.

AWS IAM Identities
AWS IAM Identities

Prerequisites

  1. AWS account to create ec2 instance. If you don’t have AWS account please create from AWS account or AWS Account
  2. Windows 7 or plus edition where you will execute the shell script.
  3. AWS CLI installed. To install AWS CLI click here.
  4. Git bash. Yo install Git bash click here
  5. Code editor for writing the shell script on windows machine such as visual studio code. To install visual studio click here.

How to create IAM user in AWS manually

Do you know root user is a shared account with all privileges,’ but it is not recommended to be used for any activity on an AWS account?

Instead of using a root user, a shared user, use an individual user and have various permissions accordingly.

IAM user can access a single AWS EC2 instance or multiple AWS S3 buckets or even attain admin access to gain complete access to AWS account.

  • Navigate to the Amazon Management console and and search for IAM.
  • Under AWS IAM page click on Add users button in IAM dashboard.
Adding a IAM user in AWS Cloud
Adding an IAM user in AWS Cloud
  • Now, provide the username, add a custom password and also select Programmatic access as shown below.
Providing the details to create a IAM user
Providing the details to create an IAM user
  • Click on Next permissions and choose Attach existing policies. This tutorial will grant Administrator access to the IAM user that you created previously.
Attaching IAM policy to IAM user in AWS
Attaching IAM policy to IAM users in AWS
  • For now skip tagging and click on create user. IAM user is created successfully . Now save the access key ID and Secret access key that will be used later in the article.
Downloading the AWS IAM user credentials for IAM user
Downloading the AWS IAM user credentials for IAM user

How to create AWS IAM user using shell script in Amazon account

Previously you learned how to create an IAM user manually within the Amazon Management console, but this section lets you create an AWS IAM user using a shell script in an Amazon account. Let’s quickly jump into and create the script.

  • Create a folder of your windows machine at any location. Further under the same folder create a file named create-iam-user.sh and copy/paste the below code. 
#! /bin/bash
# Checking if access key is setup in your system 

if ! grep -q aws_access_key_id ~/.aws/config; then      # grep -q  Turns off Writing to standard output
   if ! grep -q aws_access_key_id ~/.aws/credentials; then 
      echo "AWS config not found or CLI is not installed"
      exit 1
    fi 
fi


# read command will prompt you to enter the name of IAM user you wish to create 

read -r -p "Enter the username to create": username

# Using AWS CLI Command create IAM user 

aws iam create-user --user-name "${username}" --output json

# Here we are creating access and secret keys and then using query and storing the values in credentials

credentials=$(aws iam create-access-key --user-name "${username}" --query 'AccessKey.[AccessKeyId,SecretAccessKey]'  --output text)

# cut command formats the output with correct coloumn.

access_key_id=$(echo ${credentials} | cut -d " " -f 1)
secret_access_key=$(echo ${credentials} | cut --complement -d " " -f 1)

# echo command will print on the screen 

echo "The Username "${username}" has been created"
echo "The access key ID  of "${username}" is $access_key_id "
echo "The Secret access key of "${username}" is $secret_access_key "

Executing the Shell Script to Create AWS IAM user

Previously you created the shell script to create the AWS IAM user, which is great, but it is not doing much unless you run it. Let’s execute the shell script now.

  • Open the visual studio code and then open the location of file create-iam-user.sh.
Opening Shell script on visual studio code
Opening Shell script on visual studio code
  • Finally execute the shell script.
./create-iam-user.sh
Executing the shell script to create the AWS IAM user
Executing the shell script to create the AWS IAM user

Verifying the Newly created IAM user in AWS

Earlier in the previous section, the shell script ran successfully; let’s verify the if IAM user has been created in the AWS account.

  • Open your favorite web browser and navigate to the AWS Management Console and log in.
  • While in the Console, click on the search bar at the top, search for ‘IAM’, and click on the IAM menu item and you should see the IAM user is creared.
Verifying the Newly created IAM user in AWS
Verifying the Newly created IAM user in AWS

Conclusion

In this tutorial, you learned how to create AWS IAM users using shell script on AWS step by step. With IAM, you get individual access to AWS account, and you can manage permissions accordingly.

Now that you have newly created IAM users in the AWS account, which AWS resource do you plan to create next using this?

Advertisement