How to Create a Read-only IAM user in AWS

by Jack
5 minutes
How to Create a Read-only IAM user in AWS

This step-by-step guide aims to explain the process of creating an AWS user with read only access.

There are several reasons why you might want to create a read-only user in Amazon Web Services (AWS). For example, a read-only user can be useful for:

  • Providing access to your AWS resources to other users or applications that only need to view or read data, but not make any changes.
  • Implementing least privilege access, which is a security best practice that involves giving users the minimum level of access they need to perform their tasks. This can help reduce the risk of unauthorized access or changes to your AWS resources.
  • Auditing or monitoring the actions of other users who have been granted access to your AWS account. By creating a read-only user, you can track and review the actions of that user without giving them the ability to make any changes.
  • Complying with regulations or compliance standards that require you to limit and monitor access to your AWS resources.
  • Overall, creating a read-only user in AWS can help you improve the security and control of your AWS environment, and make it easier to manage access to your resources.

To create an Amazon Web Services (AWS) user with read-only access, you can use the AWS Identity and Access Management (IAM) console. IAM enables you to manage access to AWS resources and provides a safe and secure way to manage users & their permissions.

Here are the steps to create an AWS user with read-only access using IAM:

  1. Sign in to the AWS Management Console and go to the IAM section.
  2. In the navigation menu, click on "Users" and then click on the "Add users" button.
  3. Enter a name for the user and select the "Programmatic access" checkbox. This will allow the user to access AWS resources using the AWS command-line interface (CLI) or an API.
    Create AWS User and Set Type
  4. Click on the "Next: Permissions" button.
  5. On the "Set permissions" page, select the "Attach existing policies directly" option. In the search box, type "ReadOnlyAccess" or select the "AmazonS3ReadOnlyAccess" policy.
    Attach a read only policy to an AWS user
  6. Aforementioned policies allow the user to read objects in Amazon S3 bucket, but does not make any changes. ReadOnlyAccess policy on the other hand will (mostly) grant read-only access to all the AWS services.
  7. Click on the "Next: Review" button to review the user details and permissions.
    review AWS user settings
  8. If everything looks correct, click on the "Create user" button to create the user.
  9. On the "Success" page, you will see the access key and secret access key for the user. These keys can be downloaded in CSV file to access AWS resources using the CLI or an API.
    Download generated AWS read only user api key and secret
  10. Done.

After creating the user, you can add additional policies to grant the user access to other AWS resources. You can also use IAM groups to manage permissions for multiple users at once. For more information, you can consult the IAM documentation on the AWS website.