This short tutorial will show AWS Cloud Administrators how to create an IAM policy that gives cloud users permissions to generate their own Access Keys and SSH Keys. We will also include permission to change password without contacting Admin for such basic requests.

For this you need to create an IAM policy under IAM > Policies > Create policy

Here is the policy json code to use.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "iam:ListUsers",
                "iam:GetAccountPasswordPolicy"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:*AccessKey*",
                "iam:*SSHPublicKey*",
                "iam:ChangePassword",
                "iam:GetUser",
                "iam:*ServiceSpecificCredential*",
                "iam:*SigningCertificate*"
            ],
            "Resource": [
                "arn:aws:iam::*:user/${aws:username}"
            ]
        }
    ]
}

See below screenshot of the same.

Review the policy and agree to create if all looks good.

You can then attach the policy to a user group or directly to an IAM user account.

You can now ask the users in a group attached to policy if they’re able to generate Access and SSH keys.

Similar guides:

How To Install Terraform on Amazon Linux

How To Install Docker CE on Amazon Linux 2

LEAVE A REPLY

Please enter your comment!
Please enter your name here

2 × 1 =