How To Create Admin User In AWS

After you create an AWS account, the best practice is to lock away the root account credential (which you used to create the account) and never use it to do your daily tasks. Instead of using the root account, you should create an admin account with all access. To create users, user groups and policies, you can use IAM.

This entry is for Step (2) from How To Create Your Personal Data Science Computing Environment In AWS. You can check it out to get better context.

IAM Identities

IAM Identities include Users, Groups and Roles. In AWS, each has a specific meaning and understanding it correctly will help you to manage your resources.

Everything happens in AWS is triggered by API calls. Think about APIs. You first need to authenticate your self and call API. When you call API, you need to have the right permission.

Users and roles are authentication methods, not permission. Users are permanent credentials used by both humans and machines. User can be attached to groups and a group can contain many users (many-to-many relationship).

Roles are not permission. They are the temporary credentials used by resources (e.g. EC2 instance).

The permission to execute API is controlled by policy doucments. Users and roles without policy attached can authenticate themselves for API services, but cannot make any API call.

It makes sense from security point of view. If your account is compromised for whatever reason without knowing which user, you can simply detach policy from all users. Then the hackers won’t be able to execute any API.

For further information, you should check out AWS documentation on IAM here.

Once you understand IAM identities, creating user groups, users, and policies is easy.

Steps

(1) Go to IAM unser Services Tab

(2) Go to Group and click Create Group

(3) Attach Policy AdministratorAccess

(4) Go to Users and click Add user

Click both Programmatic access and AWS Management Console access. You can either set password by yourself or let IAM autogenerate it.

Make sure to get keys. This is the only time you can get them. If you miss this opportunity, there is no way to retrieve them.

(5) Attach user to the admin group with AdministratorAccess policy

(6) Review the user and complete it

Cool, now you can go back to How To Create Your Personal Data Science Computing Environment In AWS to complete the rest of the steps!

Git
How to specify which Node version to use in Github Actions

When you want to specify which Node version to use in your Github Actions, you can use actions/setup-node@v2. The alternative way is to use a node container. When you try to use a publicly available node container like runs-on: node:alpine-xx, the pipeline gets stuck in a queue. runs-on is not …

AWS
Using semantic-release with AWS CodePipeline and CodeBuild

Here is the usual pattern of getting the source from a git repository in AWS CodePipeline. In the pipeline, we use AWS CodeStart to connect to a repo and get the source. Then, we pass it to the other stages, like deploy or publish. For some unknown reasons, CodePipeline downloads …

DBA
mysqldump Error: Unknown table ‘COLUMN_STATISTICS’ in information_schema (1109)

mysqldump 8 enabled a new flag called columm-statistics by default. When you have MySQL client above 8 and try to run mysqldump on older MySQL versions, you will get the error below. mysqldump: Couldn’t execute ‘SELECT COLUMN_NAME, JSON_EXTRACT(HISTOGRAM ‘$”number-of-buckets-specified”‘) FROM information_schema.COLUMN_STATISTICS WHERE SCHEMA_NAME = ‘myschema’ AND TABLE_NAME = ‘craue_config_setting’;’: Unknown …