Updated on 2022-08-18 GMT+08:00

Creating an IAM User

If you are an administrator and have created multiple resources on the cloud platform, such as Elastic Cloud Servers (ECSs), Elastic Volume Service (EVS) disks, and Bare Metal Servers (BMSs), you can create IAM users and grant them the permissions required to perform operations on specific resources. You do not need to share the password of your account.

By default, new IAM users do not have permissions. You can assign permissions to new users, or add them to one or more groups and grant permissions to these groups by referring to Assigning Permissions to a User Group so that the users can inherit the permissions of the groups. The users then can perform specific operations on cloud services as specified by the permissions.

The default user group admin has all permissions required to use all of the cloud resources. Users in this group can perform operations on all the resources, including but not limited to creating user groups and users, modifying permissions, and managing resources.

If you delete a user and create a new user with the same name, you need to grant the required permissions to the new user again.

Procedure

  1. Log in to the IAM console as an administrator.
  2. On the IAM console, choose Users from the navigation pane, and click Create User in the upper right corner.
  3. Specify the user information on the displayed page. To create more users, click Add User. You can add a maximum of 10 users at a time.

    • A username, mobile number, or an email address can be bound to one IAM user or one account only.
    • Users who have access to the management console can log in to the cloud platform using their usernames, email addresses, or mobile numbers.
    • The mobile number is optional. If the mobile number of an IAM user has been bound to an account or another user, bind an email address or virtual MFA device to the user for identity verification.
    • If a user forgets their password, they can reset it through email address or mobile number verification. If no email address or mobile number has been bound to the user, they need to request the administrator to reset their password.

  4. Select an access type.

    • Programmatic access: Select this option to allow the user to access cloud services using development tools, such as APIs, CLI, and SDKs. You can generate an access key or set a password for the user.
    • Management console access: Select this option to allow the user to access cloud services using the management console. You can set or generate a password for the user or request the user to set a password at first login.

  5. Configure login protection. This parameter is available only when you have selected Management console access for Access Type.

  6. (Optional) Click Next and add the user to one or more user groups.

    • The user will inherit the permissions assigned to the user groups.
    • You can also create new groups and add the user to these groups.
    • If the user will be an administrator, add the user to the default group admin.
    • You can add a user to a maximum of 10 user groups.

  7. Click Create.

    • If you have selected Programmatic access for Access Type in step 4, you can download the access key on the Finish page.
    • If you have selected Password > Automatically generated for Credential Type in step 4, you can download the password file on the Finish page.
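
A pre-flight review of a planned user batch against the limits and defaults stated in the procedure above, as an added example that is not part of the original documentation. The record layout (`name`, `email`, `mobile`, `access`, `groups`) and the sample users are assumptions constructed for illustration; the script only inspects the plan and does not call the IAM service.

```python
from collections import Counter

MAX_USERS_PER_BATCH = 10  # page: at most 10 users can be added at a time
MAX_GROUPS_PER_USER = 10  # page: a user can join at most 10 user groups
ACCESS_TYPES = {"programmatic", "console"}  # assumed labels for the two access types


def review_batch(users):
    """Return (username, severity, message) findings for a planned batch."""
    findings = []
    if len(users) > MAX_USERS_PER_BATCH:
        findings.append(("*", "error", f"{len(users)} users exceeds the per-batch limit"))
    # A username, mobile number or email address can be bound to one user only.
    for field in ("name", "email", "mobile"):
        counts = Counter(u[field] for u in users if u.get(field))
        for value, n in counts.items():
            if n > 1:
                findings.append(("*", "error", f"{field} {value!r} is used by {n} users"))
    for u in users:
        name = u["name"]
        access = set(u.get("access", []))
        groups = u.get("groups", [])
        if not access or access - ACCESS_TYPES:
            findings.append((name, "error", "access must be programmatic and/or console"))
        if len(groups) > MAX_GROUPS_PER_USER:
            findings.append((name, "error", f"{len(groups)} groups exceeds the per-user limit"))
        if not groups:
            findings.append((name, "warn", "no group: the user starts with no permissions"))
        if "admin" in groups:
            findings.append((name, "warn", "in group admin: holds all permissions"))
        if "console" in access and not (u.get("email") or u.get("mobile")):
            findings.append((name, "warn", "no email or mobile: only an administrator can reset the password"))
    return findings


# Constructed sample batch (hypothetical users and addresses).
SAMPLE = [
    {"name": "alice", "email": "alice@example.com", "access": ["console"], "groups": ["admin"]},
    {"name": "ci-bot", "access": ["programmatic"], "groups": ["deployers"]},
    {"name": "bob", "email": "alice@example.com", "access": ["console"], "groups": []},
]

if __name__ == "__main__":
    for finding in review_batch(SAMPLE):
        print(*finding, sep=": ")
```

Treat `error` findings as blockers and have a second administrator confirm every `admin` membership warning before clicking Create.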