Set Up and Manage IAM Users



Create an IAM User

Creating an IAM User is very simple using the AWS CLI. Follow the steps below to create a normal IAM User with no policies assigned.

 

1. Run the command below, replacing 'example-user' with your user name of choice:

aws --endpoint-url https://iam.vault.net.nz iam create-user --user-name example-user

 

 

 

2. The output will indicate the basic details about the newly created user.

 

3. Go to the next section to list your user.

 


List Existing Users

It’s important to know what IAM users currently exist, as this allows you to identify potential security risks and holes before they become a concern.

 

1. Use this command to list IAM Users on your Vault v2 Storage Account:

aws --endpoint-url https://iam.vault.net.nz iam list-users

 

2. The output will show a JSON formatted list of users.

 

 

3. Go to the next section to create an access key for your user.

 


Create an Access Key for a User

Before you can use an IAM User on Vault V2, you must create an access key/secret key pair.

 

Use the command below:

aws --endpoint-url https://iam.vault.net.nz iam create-access-key --user-name example-user

 

Note: Ensure you record the Secret Key, as you will be unable to display it again. If you do lose it, simply create a new secret key.

 

 


 

Disable an Access Key

If an IAM user's credentials are compromised, their access can be disabled.

 

Follow these steps:

 

1. Use this command:

aws --endpoint-url https://iam.vault.net.nz iam update-access-key --access-key-id xxxxxxxxxx --status Inactive --user-name example-user

 

2. List the access key to verify that its status is now set to 'Inactive'.

 

 


Enable an Access Key

A previously disabled IAM User's Access Key can be enabled again. For example, you may have disabled some keys that you believed were unused, only to find that doing so broke a backup application.

 

Follow these steps:

 

1. Use this command to enable an IAM user's access key:

aws --endpoint-url https://iam.vault.net.nz iam update-access-key --access-key-id xxxxxxxxxx --status Active --user-name example-user

 

2. List the access key to verify that its status is now set to 'Active'.
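
The disable, enable and verify steps above can be combined into one checked operation, so that a key believed to be disabled is confirmed as such. The following is an added example, not code from the original page: the function names key_status and set_key_status are hypothetical, and it assumes the endpoint supports the standard iam list-access-keys call that the verification steps imply.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). Function names are hypothetical.
# Assumes the endpoint supports "iam list-access-keys", as the verify steps imply.
ENDPOINT="https://iam.vault.net.nz"

# Print the status (Active/Inactive) reported for one access key of a user.
key_status() {
  local user="$1" key_id="$2"
  aws --endpoint-url "$ENDPOINT" iam list-access-keys \
    --user-name "$user" \
    --query "AccessKeyMetadata[?AccessKeyId=='${key_id}'].Status" \
    --output text
}

# Set a key to Active or Inactive, then read the status back to confirm it.
# Returns 2 on bad arguments, 1 if the update fails or is not reflected.
set_key_status() {
  local user="$1" key_id="$2" want="$3" got
  case "$want" in
    Active|Inactive) ;;
    *) echo "status must be Active or Inactive" >&2; return 2 ;;
  esac
  # The key ID is interpolated into the --query filter, so allow only alphanumerics.
  case "$key_id" in
    ''|*[!A-Za-z0-9]*) echo "invalid access key id" >&2; return 2 ;;
  esac
  aws --endpoint-url "$ENDPOINT" iam update-access-key \
    --user-name "$user" --access-key-id "$key_id" --status "$want" || return 1
  got="$(key_status "$user" "$key_id")" || return 1
  if [ "$got" != "$want" ]; then
    echo "$key_id reports '${got:-not found}', expected $want" >&2
    return 1
  fi
  echo "$key_id is $got"
}

# Usage, with the placeholder key ID used on this page:
#   set_key_status example-user xxxxxxxxxx Inactive
```

A non-zero return means the key's state could not be confirmed, so treat the key as still usable until the check passes.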

 

 


Delete an Access Key

Follow the steps below to delete an access key.

 

1. Use this command:

aws --endpoint-url https://iam.vault.net.nz iam delete-access-key --access-key-id xxxxxxxxxx --user-name example-user

 

2. List the access key to verify.

 

 

