Creating two types of IAM users in AWS using the CLI

To create a user in AWS IAM using the CLI (after you have configured it), use the following:

Create a user with programmatic access (access key ID and secret access key):

$ aws iam create-user \
  --user-name User_Prog_Access

Response: 
{
    "User": {
        "Path": "/",
        "UserName": "User_Prog_Access",
        "UserId": "AIDExampleUserId",
        "Arn": "arn:aws:iam::123333333:user/User_Prog_Access",
        "CreateDate": "2021-01-29T12:20:43+00:00"
    }
}

$ aws iam create-access-key \
  --user-name User_Prog_Access

Response:
{
    "AccessKey": {
        "UserName": "User_Prog_Access",
        "AccessKeyId": "AKIExampleAccessKeyID",
        "Status": "Active",
        "SecretAccessKey": "ttExampleSecretAccessKey",
        "CreateDate": "2021-01-29T12:21:22+00:00"
    }
}

And for a user with console access:

$ aws iam create-user \
  --user-name User_Console_Access

Response:
{
    "User": {
        "Path": "/",
        "UserName": "User_Console_Access",
        "UserId": "AIExampleUserId",
        "Arn": "arn:aws:iam::933323111111:user/User_Console_Access",
        "CreateDate": "2021-01-29T12:31:46+00:00"
    }
}

$ aws iam create-login-profile \
  --user-name User_Console_Access \
  --password Temp_Password4 \
  --password-reset-required

Response:
{
    "LoginProfile": {
        "UserName": "User_Console_Access",
        "CreateDate": "2021-01-29T12:35:28+00:00",
        "PasswordResetRequired": true
    }
}

Decode access secret key from Terraform IAM user creation

Problem

You want to use the pgp encryption when using Terraform to create an AWS IAM user, and you have the secret access token returned as an output but encoded.

Solution

Use the following to get the actual secret key decoded (after copying your encoded key to a file encrypted_key.txt:

$ cat encrypted_key.txt | base64 --decode | gpg -d