To set up AWS IAM users and permissions for provisioning AWS resources, and to create roles with custom trust policies that IAM users can assume to access resources, follow these steps:
User Creation
1) Access the AWS Console and click on "IAM."
2) Click the "Create user" button in the top right corner of the IAM menu.
3) Enter the username.
4) In the "Permissions" options, select "Add user to group," click "Next," and proceed with the creation.
5) Verify that the user has been created successfully.
6) Copy the ARN (Amazon Resource Name) of the created user.

Policy Creation
1) In the IAM menu, navigate to [Access management] - [Policies] and click the "Create policy" button.
2) Click on JSON in the policy editor and edit the policy as needed.
3) Set a name for the policy and click "Create policy."

Role Creation
1) In the IAM menu, go to [Access management] - [Roles] and click the "Create role" button.
2) Choose "Trusted entity type" as "Custom trust policy," click "Add" in the "Add trusted entities" section.
3) Add [Principal Entity Types] - [IAM users] & [AWS services].
   IAM users: ARN (Amazon Resource Name) of the created user
   AWS services: Name of the service you intend to use (e.g., eks)
4) Add the necessary permissions:
   AmazonEBSCSIDriverPolicy
   AmazonEC2FullAccess
   AmazonVPCFullAccess
   IAMFullAccess
   EKSFullPolicy
5) Set a name for the role and click "Create role."
6) Verify the created role.

Access Key Creation
1) Click on the user with granted permissions, go to the [Security credentials] tab, and click "Create access key" on the top right of the "Access keys" box.
2) Click "Next" under the "Select" section, choose "Other," and click "Next."
3) Enter a description tag for the access key and click "Create access key."
4) Confirm the generated access key and secret access key.
5) Save the generated access key for later use.
This section introduces the process of configuring users and permissions to provision resources from the cloud provider. Currently, only AWS is supported; additional cloud providers may be added in the future.
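The custom trust policy from the role creation steps (the created user's ARN plus an AWS service such as eks), as an added Python example that is not part of the original page: it builds the policy JSON for the editor and audits a trust policy for principals broader than a named user or service. The account ID, user name, and function names are constructed for illustration.

```python
import json
import re

# Constructed sample value (assumption): placeholder account ID and user name.
SAMPLE_USER_ARN = "arn:aws:iam::111122223333:user/provisioner"

USER_ARN_RE = re.compile(r"arn:aws:iam::\d{12}:user/[\w+=,.@/-]+")
SERVICE_RE = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)*\.amazonaws\.com")


def build_trust_policy(user_arn, service):
    """Trust policy letting one IAM user and one AWS service assume the role."""
    if not USER_ARN_RE.fullmatch(user_arn):
        raise ValueError(f"not an IAM user ARN: {user_arn!r}")
    principal = {"AWS": user_arn, "Service": f"{service}.amazonaws.com"}
    statement = {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole"}
    return {"Version": "2012-10-17", "Statement": [statement]}


def _as_list(value):
    # IAM accepts a single value or a list in Statement and Principal fields.
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy):
    """Return findings for Allow statements that trust more than named users/services."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):  # "*" or a missing Principal
            findings.append(f"statement {i}: principal {principal!r} is not scoped")
            continue
        for kind, values in principal.items():
            pattern = {"AWS": USER_ARN_RE, "Service": SERVICE_RE}.get(kind)
            for value in _as_list(values):
                if pattern is None or not pattern.fullmatch(value):
                    findings.append(
                        f"statement {i}: {kind} principal {value!r} is not a single user or service"
                    )
    return findings


if __name__ == "__main__":
    policy = build_trust_policy(SAMPLE_USER_ARN, "eks")
    print(json.dumps(policy, indent=2))  # paste into the custom trust policy editor
    print(audit_trust_policy(policy) or "no findings")
```

The audit is deliberately strict for this setup: account-root ARNs, wildcards, and any principal type other than an IAM user or an AWS service are reported.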