Create New AWS User & Access Keys – IAM CLI Script

The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts. This interface allows you to create IAM users, groups, and policies.
We strongly recommend you use roles for cross-account access instead of IAM access keys. IAM access keys require periodic rotation and can be shared or stolen. Roles for cross-account access are a more secure way of granting programmatic access to your AWS accounts. Only use IAM access keys if you absolutely must.

Create CloudCheckr Users in an AWS Account

Use the command below to configure the AWS CLI with an access key and secret key for your AWS account:

$ aws configure

After running the above command, you will be prompted for a secret key, access key, and region. IAM is independent of region, so at the region prompt, select None or us-west-2 as shown in this example:

$ aws configure
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-west-2
Default output format [None]: json

Once the CLI is configured, use the following commands to add your user, group, and policy.

$ aws iam create-group --group-name CloudCheckrGroup
$ aws iam create-user --user-name CloudCheckrUser
$ aws iam add-user-to-group --user-name CloudCheckrUser --group-name CloudCheckrGroup
$ aws iam get-group --group-name CloudCheckrGroup
$ aws iam put-group-policy --group-name CloudCheckrGroup --policy-name CloudCheckrPolicy --policy-document https://s3.amazonaws.com/checkr3/CC_IAM_FullPolicy.json

If the put-group-policy command above does not work, download the policy file from here and use this line instead:

$ aws iam put-group-policy --group-name CloudCheckrGroup --policy-name CloudCheckrPolicy --policy-document file://C:\Temp\MyPolicyFile.json

If you use the above line, make sure the file path is correct. After you have run these commands, create an access key with the following command:

$ aws iam create-access-key --user-name CloudCheckrUser
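The steps above as one script, as an added example that is not CloudCheckr's or AWS's own code: it attaches the policy from a local file you have already reviewed and writes the new key to an owner-only file instead of the terminal. The function names, the CC_RUN switch and the file paths are assumptions.

```shell
#!/bin/sh
# Added example: the page's commands as two functions (names are hypothetical).
# Assumes the policy JSON was downloaded and reviewed before it is attached.
GROUP=CloudCheckrGroup
USER_NAME=CloudCheckrUser
POLICY=CloudCheckrPolicy

# Create the group and user, then attach the reviewed policy from a local file.
setup_cloudcheckr_user() {
    policy_file=$1
    # Refuse to attach a policy file that is missing or empty.
    if [ ! -s "$policy_file" ]; then
        echo "policy file missing or empty: $policy_file" >&2
        return 1
    fi
    aws iam create-group --group-name "$GROUP" >/dev/null || return 1
    aws iam create-user --user-name "$USER_NAME" >/dev/null || return 1
    aws iam add-user-to-group --user-name "$USER_NAME" --group-name "$GROUP" || return 1
    aws iam get-group --group-name "$GROUP" >/dev/null || return 1
    aws iam put-group-policy --group-name "$GROUP" --policy-name "$POLICY" \
        --policy-document "file://$policy_file" || return 1
}

# create-access-key returns the secret key only once, so write it straight to
# an owner-only file instead of printing it to the terminal.
save_access_key() {
    key_file=$1
    # Never overwrite a key file that already exists.
    if [ -e "$key_file" ]; then
        echo "refusing to overwrite $key_file" >&2
        return 1
    fi
    old_umask=$(umask)
    umask 077                      # new file is created with mode 0600
    status=0
    aws iam create-access-key --user-name "$USER_NAME" --output json \
        >"$key_file" || status=$?
    umask "$old_umask"
    # Leave no partial file behind if the call failed.
    [ "$status" -eq 0 ] || { rm -f "$key_file"; return 1; }
}

# Hypothetical entry point: CC_RUN=1 sh setup.sh ./policy.json ./key.json
if [ "${CC_RUN:-}" = 1 ]; then
    setup_cloudcheckr_user "$1" && save_access_key "$2"
fi
```

Move the saved key into your secrets store and delete the file once CloudCheckr has been configured with it.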

For more information, review the Installing the AWS Command Line Interface topic.
