You can use the following steps to create an IAM user:
Navigate to the IAM console.
Select Users and then choose Add user.
Type a username for the new user. IAM usernames need to be unique in a single AWS account. This username will be used by the user to sign in to the AWS console.
For the access type, select both Programmaticaccess and AWS Management Console access:
Programmatic access grants users access through the API, AWS CLI, or tools for Windows PowerShell. An access key and secret key are created for the user and are available to download on the final page.
AWS Management Console access grants users access through the AWS Management Console. A password is created for the user and is available to download on the final page.
For Console password, choose one of the following:
Autogenerated password: This will randomly generate a password for the user that meets the account password policy in effect.
Custom password: You can type a password that satisfies the account password policy in effect.
(Optional) You can select Require password reset to ensure that users are forced to change their password when they log in for the first time.
Select Next: Permissions.
Skip the Set permissions page and select Next: Tags.
Select Next:Review, and then select Create user.
This will generate the user's access keys (access key IDs and secret access keys) and password. Download the generated credentials by selecting Download .csv and then save the file to a safe location.
Share the credentials with users who need to access AWS services. This is an empty IAM user with no access to any AWS services. The AWS administrator will need to execute the CloudFormation template based on the relevant chapter to allow the appropriate access.
Recipe 2 – Storing database credentials using Amazon Secrets Manager
You can use the following steps to create an IAM user: