aws-iam-users.html.md.erb

---
title: Creating IAM Users
---

## <a id="create"></a> Creating new IAM user

1. Log into the AWS console: [https://console.aws.amazon.com/console/home](https://console.aws.amazon.com/console/home).

    <%= image_tag("images/deploy-microbosh-to-aws/account-dashboard.png") %>

1. Click your account name and select **Security Credentials**.

    <%= image_tag("images/deploy-microbosh-to-aws/security-credentials-menu.png") %>

1. If the AWS IAM confirmation box is presented, click **Get Started with IAM Users** to go to IAM Users management page. Alternatively go directly to [users list](https://console.aws.amazon.com/iam/home#users).

    <%= image_tag("images/deploy-microbosh-to-aws/iam-modal.png") %>

1. Click **Create New Users** button.

    <%= image_tag("images/deploy-microbosh-to-aws/list-iam-users.png") %>

1. Enter a descriptive name for a new user, make sure that access keys will be generated for each user and click **Create** button.

    <%= image_tag("images/deploy-microbosh-to-aws/create-iam-users.png") %>

1. Record **Access Key ID** and **Secret Access Key** for later use. Click **Close** link to get back to the list of users.

    <%= image_tag("images/deploy-microbosh-to-aws/get-iam-creds.png") %>

1. Click on a new user from the list of users.

1. Click on **Inline Policies** panel and choose to create a new inline policy.

    <%= image_tag("images/deploy-microbosh-to-aws/attach-iam-policy.png") %>

1. Choose **Custom Policy**.

1. Add a policy configuration for the chosen user and click **Apply Policy**.

    <%= image_tag("images/deploy-microbosh-to-aws/add-iam-inline-policy.png") %>

    For example your aws-cpi's inline policy allows EC2 and full ELB access:

    ```yaml
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": [
            "ec2:AssociateAddress",
            "ec2:AttachVolume",
            "ec2:CreateVolume",
            "ec2:DeleteSnapshot",
            "ec2:DeleteVolume",
            "ec2:DescribeAddresses",
            "ec2:DescribeImages",
            "ec2:DescribeInstances",
            "ec2:DescribeRegions",
            "ec2:DescribeSecurityGroups",
            "ec2:DescribeSnapshots",
            "ec2:DescribeSubnets",
            "ec2:DescribeVolumes",
            "ec2:DetachVolume",
            "ec2:CreateSnapshot",
            "ec2:CreateTags",
            "ec2:RunInstances",
            "ec2:TerminateInstances",
            "ec2:RegisterImage",
            "ec2:DeregisterImage"
          ],
          "Effect": "Allow",
          "Resource": "*"
        },
        {
          "Effect": "Allow",
          "Action": [ "elasticloadbalancing:*" ],
          "Resource": [ "*" ]
        }
      ]
    }
    ```

    <p class="note">Note: It's highly encouraged to set very restrictive policy to limit unncessary access.</p>