In IAM, you can assign an IAM role to an IAM user. Wondering how to do it? Then take a peek at this blog.
Here at Bobcares, we have seen several such AWS-related queries as part of our AWS Support Services for AWS users and online service providers.
Today we’ll take a look at how to assign IAM users to the IAM role.
Know more about IAM user
An IAM user is an entity created to represent a person or an application that uses it to interact with AWS.
A user in AWS comprises a username and credentials. An IAM user with administrator permissions is not the same thing as the AWS account root user.
How does an IAM user sign in?
In order to sign in to AWS Management Console as an IAM user, you need an account ID, username, and password.
When we create an IAM user in the console, we are provided with the username and the account sign-in page URL. This URL includes the account ID, as shown below:
https://My_AWS_Account_ID.signin.aws.amazon.com/console/
However, you can also sign in to the account using the general URL below and enter the account ID manually:
https://console.aws.amazon.com/
For user convenience, the AWS sign-in page uses a browser cookie to remember the IAM username and account details. As a result, when the user accesses any page in the AWS Management Console, the console uses the cookie to redirect the user to the account sign-in page.
Know more about IAM Role
An IAM role is an IAM entity that defines a set of permissions that grant access to actions and resources in AWS.
It is not uniquely associated with a specific user or group. Instead, trusted entities such as IAM users, applications, or AWS services such as EC2 assume roles.
In IAM, how do we assign a role to a user?
Now let’s see what instructions our Support Engineers provide to assign IAM users to an IAM role.
In order to assign an existing IAM role to an AWS Directory Service user or group, the role must have a trust relationship with AWS Directory Service.
Here are the steps to assign users or groups to an IAM role.
1. First, in the AWS Directory Service console navigation pane, choose Directories.
2. On the Directories page, choose your directory ID. Then in the Directory details page, select the Application management tab.
3. In the AWS Management Console section, under Delegate console access, choose the IAM role name for the existing IAM role that you want to assign users to. If the role has not yet been created, then create a new role.
4. On the Selected role page, under Manage users and groups for this role, choose Add.
5. On the Add users and groups to the role page, under Select Active Directory Forest, choose either the AWS Managed Microsoft AD forest (this forest) or the on-premises forest (trusted forest), whichever contains the accounts that need access to the AWS Management Console.
6. After that, under Specify which users or groups to add, select either 'Find by user' or 'Find by group'. Then type the name of the user or group. In the list of possible matches, choose the user or group that you want to add.
7. Finally, choose Add to finish assigning the users and groups to the role.
Nested groups within your directory are not supported: members of the parent group get console access, but members of child groups do not.
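The trust relationship mentioned above is what lets AWS Directory Service hand the role to directory users, so it is worth verifying before running the console steps. The following Python is an added example (not from the original post or from AWS) that checks a role's trust-policy document for that trust and flags a policy that is not scoped to your own account; the account ID 111122223333 is a placeholder, and the two policies are constructed samples.

```python
import json

# Service principal AWS Directory Service uses when it assumes a delegated role.
DS_PRINCIPAL = "ds.amazonaws.com"


def _as_list(value):
    """Normalise a policy element that may be a string, a list, or absent."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def trusts_directory_service(trust_policy):
    """Check a role trust policy (dict). Returns (ok, findings): ok is True when
    an Allow statement lets ds.amazonaws.com call sts:AssumeRole; findings lists
    gaps a reviewer would raise before delegating console access."""
    findings, allowed = [], False
    for stmt in _as_list(trust_policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*" or (isinstance(principal, dict)
                                and "*" in _as_list(principal.get("AWS"))):
            findings.append("statement lets any AWS principal assume the role")
            continue
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if DS_PRINCIPAL in services and "sts:AssumeRole" in _as_list(stmt.get("Action")):
            allowed = True
            # Condition keys that pin the service trust to your own account/directory.
            keys = {k.lower() for cond in stmt.get("Condition", {}).values() for k in cond}
            if not keys & {"aws:sourceaccount", "aws:sourcearn"}:
                findings.append("trust not scoped with aws:SourceAccount/aws:SourceArn")
    if not allowed:
        findings.append(f"no Allow statement for {DS_PRINCIPAL} with sts:AssumeRole")
    return allowed, findings


# Constructed sample: the minimal trust policy the console flow requires.
MINIMAL_TRUST = json.loads('''{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Principal": {"Service": "ds.amazonaws.com"},
  "Action": "sts:AssumeRole"}]}''')

# Constructed sample: the same trust, scoped to one (placeholder) account ID.
SCOPED_TRUST = json.loads('''{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Principal": {"Service": "ds.amazonaws.com"},
  "Action": "sts:AssumeRole",
  "Condition": {"StringEquals": {"aws:SourceAccount": "111122223333"}}}]}''')
```

Feed it the document returned by `aws iam get-role` (the `AssumeRolePolicyDocument` field) to review a real role offline.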
[Need any further assistance in assigning IAM roles to users? – We are here to help you.]
Conclusion
Today, we saw how to assign an existing IAM Role to an IAM user.