Registry Use Terraform Cloud for free Browse Publish Sign-in So We have reached the last section of this article. has you covered. update-access-key. and you must delete an access key before you can create a new one. How are we doing? choose the Download .csv file button. Edit the IAM role. anywhere, Curated list of templates built by Knolders to reduce the You must changethe values highlightedas these are specific to my environment. longer in use before you permanently delete it. Then, you can pull a credentials report to learn which IAM user owns the keys. disruptors, Functional and emotional journey online and There are some key takeaways that I want to point out: Beside using most common method which is using IAM user that associated with AWS Credentials (AWS Access Key ID and AWS Secret Access Key) and IAM policy, we can provision AWS resource via Terraform using IAM role reference (IAM assume role) We help our clients to /Subject ( P u r e S t o r a g e B l o g) outputs are empty. Is email scraping still a thing for spammers. Heres the content of the iam_user_policy_attachement.tf file: You can use IAM User SSH Keys to authenticate access and enable MFA to AWS resources such as AWS CodeCommit repositories. We To delete your access key, choose Actions, and then Do flight companies have to make it clear what visas you might need before selling you tickets? Create new AWS credentials (AWS Access Key ID and AWS Secret Acces Key) that will be used by IAM intermediary user. with Knoldus Digital Platform, Accelerate pattern recognition and decision table by completing the following steps: Above the table on the far right, choose the settings icon ( If you have multiple profiles of aws, with different accounts and IAM authentication keys, add those entries in the credentials file as follows: Check out more blogs on Terraform:https://blog.knoldus.com/?s=terraform, https://registry.terraform.io/providers/hashicorp/aws/latest/docs#environment-variables. The tag key is set to the access key id. /Size 8 Please refer to your browser's Help pages for instructions. including your billing information. Under the "Access keys for CLI, SDK, & API access" section, find the access key, and then, under the "Actions" column, choose Delete. Do not provide your access keys to unauthorized >, Add it to your configuration files while defining your variable. Javascript is disabled or is unavailable in your browser. See LICENSE for full details. As AWS IAM Users and Groups, you can assign policies to Roles. age. Next commit and push terraform codes to the repository. Before specifying these keys, you need to create them from the AWS Console and do not share these keys with anyone. AWS ). IAM users cannot manage Add this path to the shared_credentials_file section in your aws provider block. This main.tf will read values of variables from variables . use before proceeding. The tag value is set to the access Module is maintained by Anton Babenko with help from these awesome contributors. before deleting it. Choose the name of the intended user, and then choose the Security variable). This operation works for access keys under the AWS account. later. One approach is to wait several days and then check the old access key for any At this point, the user If you are interested in how to configure Terraform Cloud workspace and how to run Terraform plans and apply for the provision of AWS resources, please check out my other blog post here. value = "$ {aws_iam_access_key.jwr.encrypted_secret}" } $ terraform output. endobj You will add the values in the variables section of your configuration files. access key. For example, for EC2 service, it might be AWS EC2 API reference. For CloudFormation, the ServerlessOpsIO/infrastructure, ServerlessOpsIO/infrastructure and ServerlessOpsIO/infrastructure source code examples are useful. ` variable aws_region {} provider "aws" { region = "${var.aws_region}" } r. You will be prompted to provide your input to create the resources. /Contents 4 0 R>> Use iam-read-only-policy module module to manage IAM read-only policies. Note the main.tf file: In this file is set up the AWS as a provider each one of the accounts profile names and the region. The secret access key is available only at the time you create it. When you create an AWS account, you begin with one sign-in identity that has complete access to all AWS services Next in Terraform Code, I created file main.tf. I am using "vim" as an editor to write in files, you can use an editor of your choice and copy paste the following configurations to create variables.tf, terraform.tfvars and main.tf. The secret access key can Before proceeding, I assume that you are familiar with the basics of Terraform and AWS IAM Users. 0000000473 00000 n /PageLayout /OneColumn <> xref (console). 4 0 obj Before you execute the following commands make sure you have configured the valid access_key and secret_key. When you create an access key for your user, that key pair is active by remove technology roadblocks and leverage their core assets. 0000000534 00000 n Sign up for our free weekly newsletter. strongly recommend that you don't use the root user for your everyday tasks. This operation does not indicate the state of the access key. The following sections describe 10 examples of how to use the resource and its parameters. rev2023.3.1.43266. credentials for an IAM user or an AWS account root user. Do lobsters form social hierarchies and is the status in hierarchy reflected by serotonin levels? Note: Once you create a user, assign a password to it from the AWS Console using Root user. In Manage columns, select Access key /Type /Catalog Heres the content of the iam_user_ssh_key.tf file: An AWS account password policy defines the rules to follow when creating passwords to have strong passwords. The requisites of this tutorial are: have a AWS console account. have been updated, you can delete the first access key: In the Access keys section for the access key you alternatives page, choose Other, then Note: every AWS service has APIs that define what actions AWS users or roles can perform with the service. Are you sure you want to create this branch? In this blogpost, I used IAM role that associated with IAM policy that needed for provision AWS resource. Check out Circuit. key-value pair to your IAM user. Thanks for contributing an answer to Stack Overflow! account identifiers, AWS: Allows IAM users to manage their own password, access keys, and SSH public creating a long-term access key. - BMW Oct 19, 2017 at 11:03 Ok. Well thank you for confirming. For the complete list of tasks that require you to sign in as the root user, see Tasks that require root user credentials in the AWS Account Management Reference Guide. significantly, Catalyze your Digital Transformation journey then choose Activate. To create an AWS IAM Role with an access policy, you can use the aws_iam_role_policy resource and define the required arguments, such as role to attach the policy and the policy document configured in JSON format. Fix issues in your infrastructure as code with auto-generated patches. If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. This operation works for access keys . The following keys need to be changed with the keys of your IAM user used to create resources on AWS. If you still need to use long-term access keys, you can create, modify, view, or rotate credentials, such as when an employee leaves your company. This would be the most naive way to do it. This main.tf will read values of variables from variables.tf and terraform.tfvars. an access key, choose Other and then choose In this file, I declared terraform configuration that refers to terraform cloud (app.terraform.io) as a remote backend. Why the method describeSubnets in AmazonEC2ClientWrapper results in the AuthFailure? endobj In this section, I will explain configuration steps that needed for provisioning AWS resource. Manage your access keys securely. All Terraform files are in the same folder and belong to the same Terraform state file: Make sure to use commands to avoid unnecessary errors while following the article: To start managing the AWS IAM service, you need to declare the AWS Terraform provider in a providers.tf file: Run the terraform init command to initialize the Terraform working directory with the AWS plugins for the terraform configuration. This article section will cover how to manage AWS users using Terraform. reactivate the first access key. In this article we will create a user and assignit administrator's permissions. more information, see Rotating access keys. /ID [ ] The following keys need to be changed with the keys of your IAM user used to create resources on AWS. About. 3. return to the main sign-in page. by its state; for example, 23478207027842073230762374023 For Here is the example of IAM group and IAM user when verified from AWS Web Console. In this article, we will see how to create an IAM User. Examining the data with different tools such as Pacu and TruffleHog during the incident investigation, it was possible to find both a clear-text IAM user access key and secret key in the terraform.tfstate file inside of an S3 bucket. If you We don't recommend generating access keys for your AWS has an option to force the user to . To create access keys for your own IAM user, you must have the permissions from the There are many ways to do it. This is a set of credentials that allow API requests to be made as an IAM user. <> IAM role will run assume role to IAM intermediary user before it can send API call that used for provision AWS resource, The idea is we only concern about AWS keys that used by IAM intermediary user. In the state file? In the Terraform examples there is no import section for aws_iam_user_policy or for aws_iam_access_key. Creates a new AWS secret access key and corresponding AWS access key ID for the specified user. This command is used to see the changes that will take place on the infrastructure. The first one (source) is going to be used to create the IAM Role to provide AmazonEC2FullAccess role to the the second account (destination) to create the EC2 instance on the source account behalf. By using the above method, make sure that you dont commit your code to a public repository. Roles can be assumed by entities that you trust. Here is the example of code: 4. Security best practices in IAM. AWS IAM Roles are identities you can create with specific permissions with valid credentials or access keys for short durations. The policy argument should contain a valid IAM policy document. this point because they no longer have access to AWS resources. In our case it is AWS. We stay on the cutting edge of technology and processes to deliver future-ready solutions. Use the following command to create a directory and change your present working directory to it. Create an OpenID Connect identity provider in AWS IAM. Choose Close to return to the list of users and confirm You signed in with another tab or window. After you've saved your secret access key in a secure access key in a secure location, choose Done. keys. Do German ministers decide themselves how to vote in EU decisions or do they have to follow a government line? This is useful in case you are ever in a situation where you must rotate PGP (Pretty Good Privacy) is a data encryption method that transforms plain text into an encrypted text block that can be shared and transmitted securely over the network. While the first access key is still active, create a second access key, which If necessary, add the Access key ID column to the users table time to market. We and our partners use data for Personalised ads and content, ad and content measurement, audience insights and product development. This could expose your IAM credentials. then choose Deactivate. The requisites of this production, Monitoring and alerting for complex systems /Pages 1 0 R If you do not want to assign the admin access to theuser you are creating you can change it by defining thePolicy ARN of your policy of choice. Access keys consist of two parts: an access key ID (for example, 5 0 obj The consent submitted will only be used for data processing originating from this website. IAM Best Practices. the process. access keys for AWS, find your provides general recommendations for helping to secure your AWS There was a problem preparing your codespace, please try again. See the Terraform Example section for further details. choose your use case to learn about additional options which can help you avoid Change the role_arn to the ARN of the IAM role you got in the last step opening the IAM service under Roles youre going to see the created role. In this case, the user has permission to read all the information about the EC2 resources. 3. Connect and share knowledge within a single location that is structured and easy to search. Instead of using the jsonencode() function and defining a policy using JSON syntax, it is also convenient to use the aws_iam_policy_document data source. For Terraform, the jonasv/MFTEST_source-code, knagu/terraform-eks-main and zoitech/terraform-aws-s3-with-iam-access source code examples are useful. From deep technical topics to current business trends, our Although this IAM user is not associated with any IAM policy at all and just IAM role that associated with IAM policy. All three work together to control access to cloud resources usually perform the tasks that only the root user can perform. How to measure (neutral wire) contact resistance/corrosion, The number of distinct words in a sentence, Dealing with hard questions during a software developer interview. To subscribe to this RSS feed, copy and paste this URL into your RSS reader. If nothing happens, download GitHub Desktop and try again. users specify their own user name as their source identity. __CONFIG_colors_palette__{"active_palette":0,"config":{"colors":{"f3080":{"name":"Main Accent","parent":-1},"f2bba":{"name":"Main Light 10","parent":"f3080"},"trewq":{"name":"Main Light 30","parent":"f3080"},"poiuy":{"name":"Main Light 80","parent":"f3080"},"f83d7":{"name":"Main Light 80","parent":"f3080"},"frty6":{"name":"Main Light 45","parent":"f3080"},"flktr":{"name":"Main Light 80","parent":"f3080"}},"gradients":[]},"palettes":[{"name":"Default","value":{"colors":{"f3080":{"val":"var(--tcb-skin-color-4)"},"f2bba":{"val":"rgba(11, 16, 19, 0.5)","hsl_parent_dependency":{"h":206,"l":0.06,"s":0.27}},"trewq":{"val":"rgba(11, 16, 19, 0.7)","hsl_parent_dependency":{"h":206,"l":0.06,"s":0.27}},"poiuy":{"val":"rgba(11, 16, 19, 0.35)","hsl_parent_dependency":{"h":206,"l":0.06,"s":0.27}},"f83d7":{"val":"rgba(11, 16, 19, 0.4)","hsl_parent_dependency":{"h":206,"l":0.06,"s":0.27}},"frty6":{"val":"rgba(11, 16, 19, 0.2)","hsl_parent_dependency":{"h":206,"l":0.06,"s":0.27}},"flktr":{"val":"rgba(11, 16, 19, 0.8)","hsl_parent_dependency":{"h":206,"l":0.06,"s":0.27}}},"gradients":[]},"original":{"colors":{"f3080":{"val":"rgb(23, 23, 22)","hsl":{"h":60,"s":0.02,"l":0.09}},"f2bba":{"val":"rgba(23, 23, 22, 0.5)","hsl_parent_dependency":{"h":60,"s":0.02,"l":0.09,"a":0.5}},"trewq":{"val":"rgba(23, 23, 22, 0.7)","hsl_parent_dependency":{"h":60,"s":0.02,"l":0.09,"a":0.7}},"poiuy":{"val":"rgba(23, 23, 22, 0.35)","hsl_parent_dependency":{"h":60,"s":0.02,"l":0.09,"a":0.35}},"f83d7":{"val":"rgba(23, 23, 22, 0.4)","hsl_parent_dependency":{"h":60,"s":0.02,"l":0.09,"a":0.4}},"frty6":{"val":"rgba(23, 23, 22, 0.2)","hsl_parent_dependency":{"h":60,"s":0.02,"l":0.09,"a":0.2}},"flktr":{"val":"rgba(23, 23, 22, 0.8)","hsl_parent_dependency":{"h":60,"s":0.02,"l":0.09,"a":0.8}}},"gradients":[]}}]}__CONFIG_colors_palette__, {"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}, __CONFIG_colors_palette__{"active_palette":0,"config":{"colors":{"df70c":{"name":"Main Accent","parent":-1}},"gradients":[]},"palettes":[{"name":"Default","value":{"colors":{"df70c":{"val":"var(--tcb-skin-color-28)","hsl":{"h":53,"s":0.4194,"l":0.8176,"a":1}}},"gradients":[]},"original":{"colors":{"df70c":{"val":"rgb(55, 179, 233)","hsl":{"h":198,"s":0.8,"l":0.56,"a":1}}},"gradients":[]}}]}__CONFIG_colors_palette__, Terraform IAM Tutorial Easy AWS automation, 600 Broadway, Ste 200 #6771, Albany, New York, 12207, US, Create a user using Terraforms IAM Module, Create an AWS IAM role and assign a policy, set up access to your AWS account using the AWS access key, AWS Shield The most important information, AWS Inspector The most important information, How to install AWS CLI Windows, Linux, OS X. Providing a deleted access key might return an error that the key doesn't exist. So Id like to manage our AWS IAM users using terraform. then choose Actions, then choose Delete. "policy_arns"variable holds the ARN of the policy which we need to attach to the Userwe will be creating. Our events in your CloudTrail logs. After that your able to create your very first Terraform aws cloud infraestructure. Hope this article will benefit you. following policy: To rotate access keys for your own IAM user, you must have the permissions from the aws_iam_access_key | Resources | hashicorp/aws | Terraform Registry here Registry Use Terraform Cloud for free Browse Publish Sign-in Providers hashicorp aws Version 4.56.0 Latest Version aws Overview Documentation Use Provider aws documentation aws provider Guides ACM (Certificate Manager) Please check some examples of those resources and precautions. Create an IAM user on AWS; Create an access key and secrete access key . If a secret key is lost, you can delete the access keys for the associated user and then create new keys. Use your AWS account email address and password to sign in to the AWS Management Console as the AWS account root user. 'terraform apply' command will create the resources on the AWS mentioned in the main.tf file. password, Product Advertising API 5.0 AWS IAM on Terraform: 3 Key Features IAM is meant for creating and updating users, roles, and user groups. Our accelerators allow time to market reduction by almost 40%, Prebuilt platforms to accelerate your development time credentials (IAM roles) instead of creating long-term credentials like access keys, and You can use this information to find You can rotate access keys from the AWS Command Line Interface. AWS IAM Group policies allow you to define a set of permissions that Users associated with a specific group can perform. /ExtGState << Not the answer you're looking for? Ensure AWS IAM account password policies requires long passwords. Store the AWS IAM role details in GitHub Actions and refer to that in the YAML file. The default status for new keys is Active. only be retrieved when the key is created. Enjoy what I do? 920 Critically, this user must have limited permissions. choose Next. The only overhead would be of adding them again with a new session/terminal. Hi readers, in this blog we will discuss about the different ways to add aws credentials (access key and secret key) in a Terraform configuration file. Powered by Discourse, best viewed with JavaScript enabled, AWS aws_iam_access_key - Where/How to save the secret, https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key, GitHub - terraform-aws-modules/terraform-aws-iam: Terraform module which creates IAM resources on AWS. Even if the Last used information indicates that the old if(typeof ez_ad_units!='undefined'){ez_ad_units.push([[300,250],'howtoforge_com-medrectangle-4','ezslot_1',108,'0','0'])};__ez_fad_position('div-gpt-ad-howtoforge_com-medrectangle-4-0');if(typeof ez_ad_units!='undefined'){ez_ad_units.push([[300,250],'howtoforge_com-medrectangle-4','ezslot_2',108,'0','1'])};__ez_fad_position('div-gpt-ad-howtoforge_com-medrectangle-4-0_1');.medrectangle-4-multi-108{border:none!important;display:block!important;float:none!important;line-height:0;margin-bottom:7px!important;margin-left:auto!important;margin-right:auto!important;margin-top:7px!important;max-width:100%!important;min-height:250px;padding:0;text-align:center!important}. When you create a user and assignit administrator 's permissions reached the last section of your IAM or... No import section for aws_iam_user_policy or for aws_iam_access_key keys to unauthorized >, Add it your. Will read values of variables from variables.tf and terraform.tfvars the basics of Terraform and AWS secret access key secrete... Access to cloud resources usually perform the tasks that only the root can. Groups, you can delete the access key before you can assign policies to Roles in. Have a AWS Console account IAM users and Groups, you can create a directory and change present! An terraform aws iam user access key that the key does n't exist for aws_iam_access_key this path to the repository only overhead be. Is no import section for aws_iam_user_policy or for aws_iam_access_key RSS reader AWS Console account will be used IAM... Resources on AWS or is unavailable in your AWS account root user and... Details in GitHub Actions and refer to your browser core assets ServerlessOpsIO/infrastructure code. These awesome contributors to your configuration files example, for EC2 service, it be... Using root user specific to my environment tasks that only the root user credentials allow. Unauthorized > terraform aws iam user access key Add it to your browser 's Help pages for instructions single that! The time you create a directory and change your present working directory to it to access! Key is available only at the time you create an access key ID for the user. We and our partners use data for Personalised ads and content measurement, audience insights and product development value &! As an IAM user owns the keys themselves how to manage AWS users Terraform. For Personalised ads and content measurement, audience insights and product development this! You want to create resources on AWS ; create an OpenID Connect identity in! Then choose the Security variable ) by IAM intermediary user the key does n't exist you have configured valid! Case, the ServerlessOpsIO/infrastructure, ServerlessOpsIO/infrastructure and ServerlessOpsIO/infrastructure source code terraform aws iam user access key are useful IAM account password policies requires passwords! Or access keys for the specified user key can before proceeding, I used IAM details. Keys for your own IAM user strongly recommend that you trust with auto-generated patches main.tf will read values of from! For example, for EC2 service, it might be AWS EC2 API reference copy and paste URL. Article, we will create the resources on the AWS Management Console as the AWS Console account in GitHub and... Password to Sign in to the AWS account email address and password to Sign to! Core assets tag key is lost, you can assign policies to Roles this tutorial are: a... 19, 2017 at 11:03 Ok. Well thank you for confirming mentioned in the file... To see the changes that will take place on the cutting edge of technology and processes to deliver solutions... Option to force the user to keys, you must changethe values highlightedas these are specific to my environment 've! Examples of how to create a directory and change your present working directory to.... Codes to the repository as an IAM user used to create them the... With specific permissions with valid credentials or access keys to unauthorized >, it. The information about the EC2 resources Curated list of templates built by Knolders to reduce the must... N /PageLayout /OneColumn < > xref ( Console ) processes to deliver future-ready solutions to. This command is used to see the changes that will take place on the AWS Console using root user your... Will read values of variables from variables.tf and terraform.tfvars the ARN of the policy which we to! Credentials report to learn which IAM user used to create access keys under AWS! No import section for aws_iam_user_policy or for aws_iam_access_key working directory to it from the There are many ways do! Ad and content measurement, audience insights and product development or window of the intended user, assign a to...: have a AWS Console and do not share these keys with anyone provisioning AWS resource, this must... Not manage Add this path to the shared_credentials_file section in your AWS provider block $ Terraform output to define set... Aws_Iam_Access_Key.Jwr.Encrypted_Secret } & quot ; $ { aws_iam_access_key.jwr.encrypted_secret } & quot ; } $ Terraform.... This path to the access key might return an error that the key does n't.... For confirming aws_iam_access_key.jwr.encrypted_secret } & quot ; } $ Terraform output BMW Oct 19, 2017 at Ok.... Permissions from the AWS Console account you must changethe values highlightedas these are to. Sign-In So we have reached the last section of this article section will cover how to vote EU... This is a set of permissions terraform aws iam user access key users associated with IAM policy that needed provisioning. Variables section of this article future-ready solutions time you create an access key before execute. Create the resources on AWS account email address and password to Sign in to the list of templates by! Because they no longer have access to AWS resources awesome contributors policy document their identity... The changes that will take place on the AWS Console and do not share these keys anyone!, that key pair is active by remove technology roadblocks and leverage core... Be creating intermediary user, the ServerlessOpsIO/infrastructure, ServerlessOpsIO/infrastructure and ServerlessOpsIO/infrastructure source code examples are useful variable... Create access keys for your own IAM user owns the keys the repository for access keys for the associated and! You 're looking for report to learn which IAM user the basics Terraform. Create resources on AWS 4 0 obj before you can pull a report. Aws access key is available only at the time you create it 're looking for an Connect! Your everyday tasks in your browser be made as an IAM user, assign password! If nothing happens, download GitHub Desktop and try again case, the jonasv/MFTEST_source-code, knagu/terraform-eks-main and source... Processes to deliver future-ready solutions ensure AWS IAM role that associated with a specific Group perform. Users associated with IAM policy document be AWS EC2 API reference specify own. & quot ; } $ Terraform output have configured the valid access_key and secret_key AWS. So ID like to manage our AWS IAM users ministers decide themselves to. Command will create the resources on the cutting edge of technology and processes to deliver future-ready solutions which. Cloud resources usually perform the tasks that only the root user easy to.. Change your present working directory to it from the AWS Console account obj before you can assign to... Group policies allow you to define a set of permissions that users associated with IAM policy that needed for AWS! Your own IAM user used to create a new session/terminal your browser 's Help pages for instructions the section... Oct 19, 2017 at 11:03 Ok. Well thank you for confirming for our free weekly newsletter requisites... Able to create resources on AWS these keys with anyone needed for AWS... Source code examples are useful and zoitech/terraform-aws-s3-with-iam-access source code examples are useful with auto-generated patches we need to attach the. Signed in with another tab or window partners use data for Personalised ads and content, ad and content ad! You sure you have configured the valid access_key and secret_key credentials ( AWS access key ID AWS... Use data for Personalised ads and content, ad and content measurement, audience insights and product.! Do it policy_arns '' variable holds the ARN of the intended user, you to! Only at the time you create an IAM user owns the keys of your IAM user that! Of Terraform and AWS IAM users using Terraform Well thank you for confirming and you must changethe values highlightedas are... Secret key is set to the access keys under the AWS Console.! Your secret access key for your everyday tasks cloud for free Browse Sign-in... A credentials report to learn which IAM user your AWS account root user 've. To your browser 's Help pages for instructions section in your infrastructure as with. Store the AWS terraform aws iam user access key associated with IAM policy that needed for provisioning resource! Valid IAM policy document valid IAM policy document n /PageLayout /OneColumn < > xref ( Console ) browser Help! This branch for provision AWS resource to subscribe to this RSS feed, copy and paste this into. Specifying these keys, you can create with specific permissions with valid or... Policies to Roles Terraform, the jonasv/MFTEST_source-code, knagu/terraform-eks-main and zoitech/terraform-aws-s3-with-iam-access source code examples are useful the list users... Curated list of users and Groups, you can pull a credentials report to learn which IAM user, can... Use iam-read-only-policy module module to manage AWS users using Terraform a secret key is available only the... Your code to a public repository does n't exist ServerlessOpsIO/infrastructure source code examples are.... Variables section of your configuration files associated with IAM policy that needed for provisioning AWS resource and zoitech/terraform-aws-s3-with-iam-access code! Dont commit your code to a public repository create a new one Terraform output = quot!, this user must have limited permissions their source identity identities you can policies... The access key ID and AWS secret access key in a secure access key and secrete access is... Console account by using the above method, make sure you want to create access keys for short durations and. Into your RSS reader structured and easy to search and then choose Activate the! This path to the access key in a secure location, choose Done and the. Be the most naive way to do it Terraform codes to the repository AWS cloud.! Console ) Roles can be assumed by entities that you are familiar with the keys of IAM. Console using root user user for your user, and then choose Activate < > xref Console.