Could not access AWS through IAM user


In the Chrome browser, logged into the AWS account with the user name (Administrator), which is part of the Administrators group.

Created an IAM user (Bob) with a custom managed policy (Demo1) as shown below:


In Firefox, tried to log in as user Bob; below is the error:


Bob is part of no group.


With or without the policy (Demo1) attached to user Bob, user Bob could not log in...

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "ec2:*",
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Deny",
            "Action": "ec2:RunInstances",
            "Resource": "*",
            "Condition": {
                "ForAllValues:StringNotEquals": {
                    "ec2:InstanceType": "t1.*,t2.*,m3.*"
                }
            }
        }
    ]
}

Why can't user Bob log in?


There are 3 best solutions below

4
BEST ANSWER

Users do not require any permissions to log in to the AWS Management Console. (However, they won't be able to see/do anything to the services themselves.)

Therefore, if you are unable to log in to the console, you either have the wrong login information (Account, Username, Password) or the user does not have a Console Password enabled.

In the IAM management console, go to the User and look in the Security credentials tab to obtain the right console sign-in link and to verify that a password has been enabled.
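
The two checks named in this answer (whether a console password is enabled, and which account-specific sign-in link to use), as an added example that is not part of the original answer. It reads a CSV in the layout of an IAM credential report; the sample rows, user Carol and the account ID are constructed, and the `diagnose` and `signin_url` helpers are hypothetical names.

```python
import csv
import io

# Constructed sample in the layout of an IAM credential report
# (columns and rows trimmed; the account ID is made up).
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,mfa_active
Administrator,arn:aws:iam::111122223333:user/Administrator,2020-01-02T00:00:00+00:00,true,2024-05-02T09:00:00+00:00,true
Bob,arn:aws:iam::111122223333:user/Bob,2024-05-03T00:00:00+00:00,false,N/A,false
Carol,arn:aws:iam::111122223333:user/Carol,2024-05-03T00:00:00+00:00,true,no_information,false
"""


def signin_url(arn):
    """Account-specific console sign-in link, built from the account ID in an IAM ARN."""
    account_id = arn.split(":")[4]  # arn:aws:iam::<account-id>:user/<name>
    return f"https://{account_id}.signin.aws.amazon.com/console"


def diagnose(report_csv, user):
    """Return (status, detail) describing whether `user` can sign in to the console."""
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] != user:
            continue
        # No login profile: the password prompt fails whatever policies are attached.
        if row["password_enabled"] != "true":
            return ("no_console_password",
                    "Enable a console password in the Security credentials tab.")
        # Password exists but has never been used: the usual cause is the wrong sign-in link.
        if row["password_last_used"] in ("no_information", "N/A"):
            return ("never_signed_in",
                    "Password is enabled but unused; sign in at " + signin_url(row["arn"]))
        return ("ok", "Sign in at " + signin_url(row["arn"]))
    return ("no_such_user", "User is not in this account; check the account ID or alias.")


if __name__ == "__main__":
    for name in ("Administrator", "Bob", "Carol", "Dave"):
        print(name, *diagnose(SAMPLE_REPORT, name), sep=" | ")
```

A real report can be produced with `aws iam generate-credential-report` followed by `aws iam get-credential-report`, whose `Content` field is the base64-encoded CSV.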

2

It is strange that I was not able to log in to the AWS management console using the IAM user information. I went to the root account and copied the console sign-in link for the IAM user, then entered my credentials. It started working.

0

I cannot log in as an IAM user (created in IAM Identity Center) through https://signin.aws.amazon.com/ even though there is an "IAM" option.

But I can always log in through the URL *****.awsapps.com; the **** part should be unique to each IAM user. Bookmark this URL and log in using it.