# Create IAM user ## Introduction The primary AWS account, also called the root account, is very powerful in terms of access. To avoid losing its keys or secrets, we will create a IAM Administrator account which will have the same privileges as a AWS root account except for access to certain features like billing which we can anyways access using the root account. ## What are we going to cover? In this chapter, we will create a IAM user with Administrator privileges that will be used throughout the rest of the class to create labs, attack targets and break stuff. ## Steps to create an IAM user Search for IAM in the services ![IAM Service](https://441555962-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M4co4Py2DyRvsKhKa-u%2F-M4dKiFJor0gJgjeW_pX%2F-M4dKrVXAS4_sxWJ0qyv%2Faws-iam-step1.png?generation=1586610283640678\&alt=media) Click on users > Add user Create a user called 'iamadmin' with the following settings AccessType: Programmatic access and AWS Management Console access Console Password: Select Custom password > Provide a strong alphanumeric character Uncheck require password reset > We are only asking you *uncheck require password reset* to do this for the purposes of the training ![IAM new user](https://441555962-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M4co4Py2DyRvsKhKa-u%2F-M4dKiFJor0gJgjeW_pX%2F-M4dKrVZVVzjfK0ASVqV%2Faws-iam-step2.png?generation=1586610290754592\&alt=media) Click on 'Attach existing policies directly' and select 'AdministratorAccess' ![IAM set policy](https://441555962-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M4co4Py2DyRvsKhKa-u%2F-M4dKiFJor0gJgjeW_pX%2F-M4dKrVaYXge5ZsL-gPp%2Faws-iam-step3.png?generation=1586610290453937\&alt=media) Click Next and Create User ![AWS IAM success message with important information](https://441555962-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M4co4Py2DyRvsKhKa-u%2F-M4dKiFJor0gJgjeW_pX%2F-M4dKrVc89ZryZFuMf2n%2Faws-iam-unique-success-message.png?generation=1586610283343607\&alt=media) Copy and save the following in your text editor in the student VM 1. Access key ID 2. Secret access key 3. Unique sign in URL (Bookmark this link) ## Additional Information * [Create IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html)