Reputation: 11
Can we create one IAM User that has access to create other IAM users in AWS
In S3, can we create an IAM user and give it rights to create other IAM users?
Upvotes: 1
Views: 85
Answers (2)
Reputation: 306
The policy specified by Maverick in the above answer can create a new user and create access and secret keys for the user. However, it cannot create or attach any policies to the created user. So, I'm adding the required permission to create and attach IAM and inline policies for IAM users.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iam:AttachUserPolicy",
"iam:CreateAccessKey",
"iam:CreatePolicy",
"iam:CreateUser",
"iam:PutUserPolicy"
],
"Resource": "*"
}
]
}
Refer this for more information about actions related to Identity and Access Management (IAM) in AWS: https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html
Upvotes: 1
Reputation: 156
S3 and IAM are 2 different AWS services. S3 has nothing to do with IAM user creation.
I'll go ahead and assume that you meant creating an IAM user with permissions to create other users.
Yes, it is possible to do so. You just have to attach a suitable IAM policy to the newly created user. Following policy should get you started.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"iam:CreateUser",
"iam:CreateAccessKey"
],
"Resource": "*"
}
]
}
Upvotes: 1
Related Questions
- Can IAM user be assumed from IAM Role within the same account?
- S3 access to only one IAM user
- Can a IAM user create another "sub" IAM user himself?
- Allow multiple users access to private S3 folder using IAM roles
- AWS multi account
- Grant aws iam role permissions to an iam user in same account
- How to manage multiple IAM users on a single EC2 instance?
- IAM role based on an existing set of credentials from another account
- AWS S3 grant access to single IAM user
- Can I create a user in AWS IAM that only has rights to create users and place them in a specific Group?