In addition to admin users, you can also add users who lack admin permissions. For example, these users might be installers who access the Amazon One console only to retrieve device activation QR codes to activate Amazon One devices.
To add an Amazon One user
- Follow the sign-in procedure appropriate to your user type as described in How to sign in to AWS in the AWS Sign-In User Guide.
- In the navigation pane, select Users, and then select Add users.
- On the Specify user details page, under User details, in User name, enter the name for the new user. This is their sign-in name for AWS.
Note
The number and size of IAM resources in an AWS account are limited. For more information, see IAM and AWS STS quotas. User names can be a combination of up to 64 letters, digits, and the following characters: plus (+), equal (=), comma (,), period (.), at sign (@), underscore (_), and hyphen (-). Names must be unique within an account. They are not distinguished by case. For example, you cannot create two users named TESTUSER and testuser. When a user name is used in a policy or as part of an ARN, the name is case sensitive. When a user name appears to customers in the console, such as during the sign-in process, the user name is case insensitive.
- You are asked whether you are providing console access to a person. Select Provide user access to the AWS Management Console – optional.
- Select I want to create an IAM user.
- For Console password, select one of the following:
  - Autogenerated password – The user is given a randomly generated password that meets the account password policy. You can view or download the password when you get to the Retrieve password page.
  - Custom password – The user is assigned the password that you enter in the field.
- (Optional) By default, Users must create a new password at next sign-in (recommended) is selected to ensure that the user is required to change their password the first time they sign in.
Note
If an administrator has enabled the Allow users to change their own password account password policy setting, then this check box does nothing. Otherwise, it automatically attaches an AWS managed policy named IAMUserChangePassword to the new users. The policy grants them permission to change their own passwords.
- Select Next.
- On the Set permissions page, choose Attach policies directly.
- Select the policies that you want to attach to the user.
Note
The AmazonOneEnterpriseInstallerAccess managed policy gives the user access to activation QR codes only in the Amazon One Enterprise console. This policy is ideal for enterprises that hire a third party to install Amazon One devices.
- Select Next.
- (Optional) On the Review and create page, under Tags, select Add new tag to add metadata to the user by attaching tags as key-value pairs. For more information about using tags in IAM, see Tagging IAM resources.
- Review all of the choices that you made up to this point. When you are ready to proceed, select Create user.
- On the Retrieve password page, get the password assigned to the user:
  - Select Show next to the password to view the user's password so that you can record it manually.
  - Select Download .csv to download the user's sign-in credentials as a .csv file that you can save to a safe location.
- Select Email sign-in instructions. Your local mail client opens with a draft that you can customize and send to the user. The email template includes the following details for each user:
  - User name
  - URL to the account sign-in page. Use the following example, substituting the correct account ID number or account alias:
    https://AWS-account-ID or alias.signin.aws.amazon.com/console
Important
The user's password is not included in the generated email. You must provide the password to the user in a way that complies with your organization's security guidelines.
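The Note on user names in the procedure above can be checked before you start creating installer accounts in bulk. The following Python sketch is an added example, not part of the AWS documentation; the function name `check_user_names` and the sample names are hypothetical, and it assumes "letters" means ASCII letters and that a name needs at least one character.

```python
import re

# Rules taken from the Note in the procedure: up to 64 characters drawn from
# letters, digits and + = , . @ _ -; names unique within the account, and
# uniqueness ignores case.
# Assumption: "letters" means ASCII letters; at least one character required.
MAX_LEN = 64
ALLOWED = re.compile(r"[A-Za-z0-9+=,.@_-]+")


def check_user_names(requested, existing=()):
    """Return {name: [problems]} for every requested name that breaks a rule.

    `existing` is the list of user names already in the account.
    """
    seen = {name.lower(): name for name in existing}
    problems = {}
    for name in requested:
        issues = []
        if not name:
            issues.append("empty name")
        elif len(name) > MAX_LEN:
            issues.append(f"{len(name)} characters, limit is {MAX_LEN}")
        # Whatever survives stripping the allowed set is a disallowed character.
        bad = sorted(set(ALLOWED.sub("", name)))
        if bad:
            issues.append("characters not allowed: " + " ".join(map(repr, bad)))
        # TESTUSER and testuser count as the same name for uniqueness.
        clash = seen.get(name.lower())
        if clash is not None:
            issues.append(f"differs only by case from (or equals) {clash!r}")
        else:
            seen[name.lower()] = name
        if issues:
            problems[name] = issues
    return problems


if __name__ == "__main__":
    # Constructed sample data, not real accounts.
    existing = ["TESTUSER", "site-admin"]
    requested = ["testuser", "installer.north@example.com",
                 "installer 7", "Installer.North@example.com", "x" * 65]
    for name, issues in check_user_names(requested, existing).items():
        print(f"{name[:40]!r}: {'; '.join(issues)}")
```

Names that pass are still subject to the IAM quotas mentioned in the Note, which this check does not cover.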