Step 1: Navigate to IAM (Identity and Access Management)
In the AWS Management Console, navigate to the "Services" menu.
Under "Security, Identity, & Compliance," click on "IAM" (Identity and Access Management).
Step 2: Create a New IAM User
In the IAM dashboard, click on "Users" in the left sidebar.
Click the "Create user" button.
Step 3: Enter User Details
Step 4: Add a Custom Policy
In the "Add user to group" section, click on "Attach policies directly."
Click the "Create policy" button to define a custom policy.
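Custom Onepane Policy
Note: this policy is granted on every resource in the account ("Resource": "*"). Most of its actions are Describe/List/Get calls that return resource metadata, but some return data or credential material rather than metadata, for example "ebs:GetSnapshotBlock", "kinesis:GetRecords", "kinesis:SubscribeToShard", "ec2:GetPasswordData" and "ec2:GetConsoleOutput", and "eks:AccessKubernetesApi" and "apigateway:GET" are broader than a single read call. Review these actions against the services you actually connect to Onepane before attaching the policy.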
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"rds:DescribeDBRecommendations",
"rds:DescribeGlobalClusters",
"route53:GetHealthCheck",
"ec2:DescribeSnapshots",
"ec2:DescribeLocalGatewayVirtualInterfaces",
"ecs:DescribeTaskDefinition",
"elasticmapreduce:ListRepositories",
"cloudwatch:ListServices",
"rds:DescribeRecommendations",
"elasticmapreduce:ListInstanceGroups",
"cloudwatch:GetService",
"kinesis:ListStreams",
"elasticmapreduce:ListInstances",
"ec2:DescribeVolumeStatus",
"elasticmapreduce:ListSecurityConfigurations",
"resource-explorer-2:ListViews",
"ec2:DescribeVolumes",
"route53:GetHostedZoneCount",
"ec2:DescribeKeyPairs",
"ebs:GetSnapshotBlock",
"sns:ListSubscriptionsByTopic",
"elasticmapreduce:DescribeRepository",
"ec2:DescribeVpcClassicLinkDnsSupport",
"elasticmapreduce:ListSteps",
"cloudformation:ListResourceRequests",
"ec2:DescribeIdFormat",
"resource-explorer-2:ListTagsForResource",
"cloudwatch:GetMetricStatistics",
"ec2:DescribeVolumeAttribute",
"route53:ListTagsForResources",
"route53:GetAccountLimit",
"ec2:GetPasswordData",
"rds:DescribeBlueGreenDeployments",
"cloudformation:GetResource",
"ec2:DescribeScheduledInstances",
"ec2:DescribeIpv6Pools",
"ec2:DescribeFleets",
"route53:GetGeoLocation",
"eks:ListClusters",
"ec2:DescribeReservedInstancesModifications",
"ecs:ListContainerInstances",
"ec2:DescribeSubnets",
"sns:GetSMSAttributes",
"elasticmapreduce:ListStudios",
"ecs:ListAttributes",
"ec2:DescribeRegions",
"eks:ListAccessEntries",
"rds:DescribeTenantDatabases",
"sns:ListTopics",
"ec2:DescribeVpcEndpointServices",
"rds:DescribeDBClusterBacktracks",
"ec2:DescribeVpcAttribute",
"cloudwatch:ListMetrics",
"route53:ListQueryLoggingConfigs",
"ec2:GetTransitGatewayPolicyTableEntries",
"ecs:ListServices",
"elasticmapreduce:DescribeStep",
"route53:GetCheckerIpRanges",
"ec2:DescribeInstanceTypeOfferings",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeNetworkInterfaceAttribute",
"ecs:ListTasks",
"rds:DescribeDBInstances",
"route53:ListGeoLocations",
"elasticmapreduce:DescribeEditor",
"ec2:DescribeLocalGatewayRouteTables",
"ec2:DescribeVpcEndpointConnections",
"kinesis:DescribeLimits",
"ec2:DescribeInstanceStatus",
"rds:DescribeEvents",
"ecs:ListServicesByNamespace",
"cloudformation:GetResourceRequestStatus",
"route53:ListHostedZones",
"elasticmapreduce:ListInstanceFleets",
"kinesis:DescribeStream",
"sns:ListSubscriptions",
"ec2:DescribeVpcEndpointConnectionNotifications",
"route53:ListTagsForResource",
"ec2:DescribeSecurityGroups",
"elasticmapreduce:ListReleaseLabels",
"sns:ListOriginationNumbers",
"ecs:ListAccountSettings",
"route53:ListHealthChecks",
"rds:ListTagsForResource",
"cloudwatch:ListMetricStreams",
"ec2:DescribeVpcs",
"ec2:DescribeIpams",
"route53:ListCidrCollections",
"elasticmapreduce:ListEditors",
"sns:ListPlatformApplications",
"elasticfilesystem:DescribeBackupPolicy",
"kinesis:SubscribeToShard",
"eks:ListTagsForResource",
"ec2:GetInstanceUefiData",
"kinesis:ListShards",
"route53:GetHostedZone",
"ec2:DescribePlacementGroups",
"rds:DescribeDBClusterAutomatedBackups",
"ec2:DescribeInternetGateways",
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:ListDashboards",
"ec2:DescribeReservedInstances",
"apigateway:GET",
"ec2:DescribeRouteTables",
"sns:ListTagsForResource",
"eks:ListNodegroups",
"cloudwatch:GetDashboard",
"rds:DescribeDBSnapshots",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeFleetInstances",
"resource-explorer-2:GetView",
"ec2:DescribeVpcEndpointServiceConfigurations",
"sns:GetSubscriptionAttributes",
"elasticmapreduce:ListNotebookExecutions",
"ec2:DescribeVpcClassicLink",
"ecs:DescribeClusters",
"ec2:DescribeSecurityGroupRules",
"eks:AccessKubernetesApi",
"resource-explorer-2:ListIndexes",
"ec2:DescribeInstanceTypes",
"kinesis:GetRecords",
"eks:DescribeCluster",
"ec2:DescribeVpcEndpoints",
"kinesis:ListStreamConsumers",
"ec2:DescribeVpnGateways",
"ec2:ListSnapshotsInRecycleBin",
"ec2:GetResourcePolicy",
"eks:ListEksAnywhereSubscriptions",
"ec2:DescribeAddresses",
"cloudwatch:GenerateQuery",
"route53:GetChange",
"cloudwatch:GetMetricData",
"elasticfilesystem:ListTagsForResource",
"rds:DescribeDBEngineVersions",
"ec2:DescribeInstanceAttribute",
"rds:DescribeExportTasks",
"kinesis:GetResourcePolicy",
"elasticmapreduce:DescribeCluster",
"resource-explorer-2:Search",
"cloudwatch:GetServiceData",
"ebs:ListChangedBlocks",
"ec2:GetConsoleOutput",
"ec2:DescribeNetworkInterfaces",
"elasticfilesystem:DescribeLifecycleConfiguration",
"elasticfilesystem:DescribeFileSystemPolicy",
"elasticmapreduce:ListClusters",
"ecs:DescribeServices",
"ec2:ListImagesInRecycleBin",
"elasticfilesystem:DescribeFileSystems",
"ecs:DescribeContainerInstances",
"ecs:ListClusters",
"route53:GetHealthCheckStatus",
"resource-explorer-2:ListSupportedResourceTypes",
"ec2:DescribeTags",
"ebs:ListSnapshotBlocks",
"elasticfilesystem:DescribeAccessPoints",
"rds:DescribeDBLogFiles",
"ec2:DescribeNatGateways",
"ec2:DescribeCustomerGateways",
"ec2:DescribeLocalGateways",
"kinesis:ListTagsForStream",
"eks:ListInsights",
"ec2:DescribeHosts",
"ec2:DescribeImages",
"cloudformation:ListResources",
"elasticfilesystem:DescribeTags",
"ec2:DescribePublicIpv4Pools",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBClusterEndpoints",
"route53:ListCidrLocations",
"rds:DescribeDBClusters"
],
"Resource": "*"
}
]
}
Step 5: Add Tags if needed
Add tags if you need them; otherwise click "Next: Tags" to continue without adding any.
Click "Next: Review."
Step 6: Create user
Click "Create user"
User created with Onepane policy