
New Account

You're going to need a new IAM User to interact with the AWS API from Terraform. This is because you have to generate an access and secret key pair. It's this set of keys that we need to use to authenticate against the AWS API.

The process of creating an IAM User is quite lengthy and extremely well documented in the official documentation. We therefore suggest you read the instructions on the "Creating IAM users (console)" page, but keep the following information in mind as you make your way through the list.


All of the details below are "at the time of writing" and may no longer be correct. Let us know if you spot a discrepancy and we can update the book accordingly.

Programmatic and Console Access

Point 4 in the official documentation ("Creating IAM users (console)") states:

Select the type of access this set of users will have. You can select programmatic access, access to the AWS Management Console, or both.

You will need to select both "Programmatic access" and "AWS Management Console access". You're going to need AWS API keys ("Programmatic access") and web console access ("AWS Management Console access") so that you can check your work after Terraform has completed.

Check out this screenshot to see what this looks like:

A new pipeline in detail

Password Reset

Point 4.b, "Require password reset", is an optional step you can select. Ultimately this is up to you - you can try forcing a new password prompt on first login for the experience - but you don't really need to do this given you're creating this account for yourself.

Set Permission

At step 6 you're offered the chance to define the permissions your new user account will have. Select "Attach existing policies directly" and choose the following policies:

  • AdministratorAccess

This looks like this:

A new pipeline in detail

The section in point 7 on "Set permissions boundary" can be ignored.


No tags are needed at this point.

API Keys

An important part of this process is step 11, the very last step in the process. You'll have the chance now to grab several key pieces of information:

  1. Access key ID
  2. Secret access key
  3. Password

You can see this in the screenshot below:


The details in this screenshot have been deleted since publishing this image for obvious reasons. I've included them here so you can see a complete solution and compare it to your own results.

A new pipeline in detail

You'll notice there's an option to the far right: "Send email". This is a good idea if you want to send yourself an instructional email on how to use these credentials.

The access and secret keys are what we're going to be using later on, so make sure you store these in a password manager.

Multi-Factor Authentication (MFA)

We highly recommend you set up MFA on both your AWS root account and the new IAM User you just created.

This process has been documented here.
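One way to confirm that MFA really is active on both the root account and the new IAM User is to read the account's IAM credential report (the CSV behind `aws iam generate-credential-report` and `aws iam get-credential-report`, base64-decoded). The script below is an added example, not part of the original book; the report rows, account ID and user names such as `terraform-admin` are constructed placeholders, and only a subset of the report's columns is shown.

```python
import csv
import io

# Constructed sample: a subset of the columns in an IAM credential report.
# The account ID and user names are placeholders, not real identities.
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,false,false,false
terraform-admin,arn:aws:iam::111122223333:user/terraform-admin,true,false,true,false
ci-bot,arn:aws:iam::111122223333:user/ci-bot,false,false,true,false
alice,arn:aws:iam::111122223333:user/alice,true,true,false,false
"""

ROOT = "<root_account>"  # how the report names the root user
KEY_COLUMNS = ("access_key_1_active", "access_key_2_active")


def is_true(value):
    return (value or "").strip().lower() == "true"


def mfa_findings(report_csv):
    """Return (user, reason) pairs for identities that can sign in to the
    console but have no MFA device registered."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if is_true(row["mfa_active"]):
            continue
        user = row["user"]
        if user == ROOT:
            # The root user always has a password; the report lists its
            # password_enabled value as "not_supported".
            findings.append((user, "root account without MFA"))
        elif is_true(row["password_enabled"]):
            reason = "console password without MFA"
            if any(is_true(row.get(col)) for col in KEY_COLUMNS):
                reason += ", and holds an active access key"
            findings.append((user, reason))
    return findings


if __name__ == "__main__":
    for user, reason in mfa_findings(SAMPLE_REPORT):
        print(f"{user}: {reason}")
```

Users with no console password (such as the constructed `ci-bot` row) are skipped, because a virtual MFA device only protects console sign-in unless policies also require MFA for API calls.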


Now that we have an AWS account and a new IAM User, we can install the AWS CLI tools into our VM and check everything is working as expected.

Last update: August 24, 2021