In this blog post, I will show you how to create a read-only AWS account for view-only purposes.
It is very common to give read-only access to AWS when you need to give specific people access to view your AWS configuration.
In such cases, you don’t need to give them access to create or configure services.
Identity and Access Management
AWS IAM stands for Amazon Web Services Identity and Access Management. It is a web service that allows you to create, manage and control access to AWS resources and services for your users and applications.
IAM helps you to set up and enforce security best practices for your organization by enabling you to manage user identities, permissions and policies.
With IAM, you can create users, groups, roles, and policies to provide secure access to your AWS resources. IAM is an essential tool for managing and securing your AWS infrastructure.
Create an AWS IAM Read-Only User Account
I will log in to the AWS management console and create an IAM user to get started.
From the AWS console, search for IAM and click on Users from the left navigation menu.
From the users’ menu, click on Add user.
In my case, I will call the user ReadAdmin and give it AWS management console access only.
If needed, I can also enable programmatic access.
In the permissions page, I will select Attach existing policies directly.
I will use the Filter policies drop-down menu, I will select AWS managed – job function, as shown below.
From the policy name, I will select ViewOnlyAccess
I will finish the wizard and log it as I read the only user.
After I logged in and tried to create a user or a resource, I received the following error.
