AWS - Terraform | IAM | Global

Nidhi Ashtikar
3 min read · Jul 4, 2024


What is IAM?

AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. With IAM, you can centrally manage permissions that control which AWS resources users can access. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

The following diagram shows how a user can get temporary AWS security credentials to access resources in your AWS account.

IAM — AWS Console — Creating User

Users:

An IAM user is an identity with long-term credentials that is used to interact with AWS in an account.

Step 1: Click on Create User

Step 2: Create Group

Step 3: Review and Create

Your User is Successfully created.

Click on “Return to user list” and then click on the user. You can check:

Permissions policies: Permissions are defined by policies attached to the user directly or through groups.

User groups: A user group is a collection of IAM users. Use groups to specify permissions for a collection of users. A user can be a member of up to 10 groups at a time.

Tags: Tags are key-value pairs that you can add to AWS resources to help identify, organize, or search for resources.

Console sign-in: Shows credential information such as console sign-in settings, MFA devices, access keys, and public keys.

Access Advisor: Access Advisor shows the services that this user can access and when those services were last accessed. Review this data to remove unused permissions.

IAM — Using Terraform — Creating User

provider "aws" {
  region     = "us-east-1"
  # Placeholder credentials. Prefer the AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY
  # environment variables or a named profile over hard-coding keys in source.
  access_key = "-----"
  secret_key = "------"
}

# Creating User
resource "aws_iam_user" "user" {
  name = "sakshi"
  path = "/"

  tags = {
    Department = "developer"
  }
}

# Creating Group
resource "aws_iam_group" "developers" {
  name = "developers"
  path = "/users/"
}

# Attaching User to Group
resource "aws_iam_user_group_membership" "example1" {
  user = aws_iam_user.user.name

  groups = [
    aws_iam_group.developers.name
  ]
}

# Creating Policy
resource "aws_iam_policy" "policy" {
  name        = "test-policy"
  description = "A test policy"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = [
          "ec2:Describe*",
        ]
        Effect   = "Allow"
        Resource = "*"
      },
    ]
  })
}

# Attaching Policy to User
resource "aws_iam_user_policy_attachment" "test-attach" {
  user       = aws_iam_user.user.name
  policy_arn = aws_iam_policy.policy.arn
}
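The test-policy above is read-only (ec2:Describe*) but grants it on Resource "*", which is the combination worth reviewing before a policy is attached to a user or group. As an added example that is not from the article, here is a small Python check that reads an IAM policy document (the article's test-policy as jsonencode() would render it, plus a constructed over-broad variant) and flags Allow statements that pair wildcard resources with write or wildcard actions.

```python
import json

# Action-name prefixes treated as read-only (IAM access levels "Read"/"List");
# many of these have no resource-level permission support, so Resource "*"
# is expected for them. Write actions on "*" are what we want to surface.
READ_ONLY_PREFIXES = ("Describe", "Get", "List")


def _as_list(value):
    # IAM allows a string or a list in Action/Resource/Statement
    return value if isinstance(value, list) else [value]


def _is_read_only(action):
    # "ec2:Describe*" -> name "Describe*"; a bare "*" is never read-only
    if ":" not in action:
        return False
    return action.split(":", 1)[1].startswith(READ_ONLY_PREFIXES)


def find_overbroad_statements(policy):
    """Return (statement index, reason) for Allow statements that combine
    wildcard actions, or write actions with Resource "*"."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        wildcard_resource = "*" in _as_list(stmt.get("Resource", []))
        for action in actions:
            if action == "*" or action.endswith(":*"):
                findings.append((i, f"wildcard action {action!r}"))
            elif wildcard_resource and not _is_read_only(action):
                findings.append((i, f"write action {action!r} on Resource '*'"))
    return findings


# Constructed sample: the article's test-policy as rendered by jsonencode()
PAGE_POLICY = json.loads('{"Version":"2012-10-17","Statement":[{"Action":'
                         '["ec2:Describe*"],"Effect":"Allow","Resource":"*"}]}')

# Constructed sample: a tempting "just make it work" edit of the same policy
OVERBROAD_POLICY = json.loads('{"Version":"2012-10-17","Statement":[{"Action":'
                              '["ec2:Describe*","ec2:TerminateInstances"],'
                              '"Effect":"Allow","Resource":"*"},{"Action":"iam:*",'
                              '"Effect":"Allow","Resource":"*"}]}')

if __name__ == "__main__":
    for name, pol in (("test-policy", PAGE_POLICY), ("overbroad", OVERBROAD_POLICY)):
        print(name, find_overbroad_statements(pol) or "ok")
```

The same check can be run over the JSON that terraform plan shows for aws_iam_policy.policy before apply.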

If you found this guide helpful then do click on 👏 the button.

Follow for more Learning like this 😊

If there’s a specific topic you’re curious about, feel free to drop a personal note or comment. I’m here to help you explore whatever interests you!

Thanks for spending your valuable time learning to enhance your knowledge!
