A user is equivalent to a username and password that can be used in API calls to AWS. A user is similar to how the pem files work, but instead of SSH, this is for AWS API calls. In contrast to a Role, we can use a user anywhere, e.g. our local laptop.
We're creating a user to be stored in a file specifically for our jumphost. That file can be locked down via ACLs and then protected behind sudo. If we used a Role on the jumphost, then anyone on the jumphost would have access to it.
- View the Users page. The page can also be accessed from Services | IAM | Users.
- Select "Create New Users".
- Enter a single user called jumphost and keep "Generate an access key for each User" selected.
- Click "Create". In the resulting dialog, do not immediately close the window. Click “Download credentials”, then you can close the window.
- Select the created jumphost user.
- Select the "Permissions" tab in the lower section. Click “Attach User Policy”.
- Select "Administrator Access". (This choice is relatively arbitrary, but it’ll work for our tutorial use-cases. You should still familiarize yourself with a complex set of roles.)
- Click "Apply Policy".
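
A check for the locked-down credentials file described above, as an added example that is not part of the original tutorial: it audits the file holding the downloaded jumphost access key for owner, mode, and a parent directory that other users cannot write to. It assumes GNU `stat`; the function name and the path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: audit the file that stores the jumphost user's access key.
# Assumptions (not from the tutorial): GNU stat is available; the caller
# supplies the file path and the numeric uid that should own it.
# Hypothetical usage:  sudo sh check_creds.sh /etc/jumphost/credentials 0

# check_creds_file PATH OWNER_UID
# Prints one line per finding; returns 0 only when nothing is wrong.
check_creds_file() {
    path=$1 owner=$2 rc=0

    # Refuse symlinks: the target could sit somewhere less protected.
    if [ -L "$path" ]; then
        echo "FAIL: $path is a symlink"; return 1
    fi
    if [ ! -f "$path" ]; then
        echo "FAIL: $path is not a regular file"; return 1
    fi

    # The file must belong to the expected uid and carry no group/other bits.
    set -- $(stat -c '%u %a' "$path")
    [ "$1" = "$owner" ] || { echo "FAIL: owner uid $1, expected $owner"; rc=1; }
    case $2 in
        *00|0) ;;
        *) echo "FAIL: mode $2 grants group/other access"; rc=1 ;;
    esac

    # The parent directory must not be group/other writable, otherwise
    # another account on the jumphost could replace the file.
    dir=$(dirname "$path")
    dmode=$(stat -c '%a' "$dir")
    case $dmode in
        *[2367]?|*[2367])
            echo "FAIL: directory $dir mode $dmode is group/other writable"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: $path"
    return "$rc"
}

# Run the audit when invoked with both arguments.
if [ $# -eq 2 ]; then
    check_creds_file "$1" "$2"
fi
```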