Creating and managing IAM users

Use this section to create and manage IAM users for object storage access.

Note the following considerations when creating and managing an IAM user:

  • Bucket policy principals and ARNs: Bucket policies can reference either the account ID/ARN (for administrator or NooBaa CLI-created accounts) or the IAM user ARN. On upgraded clusters, bucket‑policy principals previously defined using the email‑based account format (account@noobaa.io) are automatically converted to the ARN format (arn:aws:iam::account_id:root).
  • S3 access requires a policy: An IAM user’s S3 requests return AccessDenied if no IAM policy is attached.
  • OBC account limitations: Object Bucket Claim (OBC) accounts cannot create IAM users.
  • Default policy review: IAM users created through the IAM console are automatically assigned a default policy that grants full access.
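The following audit script is an added example, not part of the product documentation or the NooBaa code base. It checks an AWS-style policy document for principals still written in the email-based format and for Allow statements that grant full access. The function names, the account ID, bucket name and user name in the sample, and the definition of "full access" (action `*` or `s3:*` on resource `*` or `arn:aws:s3:::*`) are assumptions made for illustration.

```python
import json
import re

# Principal formats named in the considerations above. The account ID pattern
# is an assumption: any non-empty run of characters without ':' or '/'.
ROOT_ARN = re.compile(r"^arn:aws:iam::[^:/]+:root$")
USER_ARN = re.compile(r"^arn:aws:iam::[^:/]+:user/.+$")
LEGACY_EMAIL = re.compile(r"^[^@\s]+@[^@\s]+$")

def as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def classify_principal(principal):
    """Label one principal string with the format it is written in."""
    if ROOT_ARN.match(principal):
        return "account-arn"
    if USER_ARN.match(principal):
        return "iam-user-arn"
    if LEGACY_EMAIL.match(principal):
        return "legacy-email"
    return "other"

def audit_policy(policy_json):
    """Return (statement index, finding) pairs for a bucket or IAM policy."""
    findings = []
    for i, stmt in enumerate(as_list(json.loads(policy_json).get("Statement"))):
        principal = stmt.get("Principal")  # absent in IAM (identity) policies
        if isinstance(principal, dict):
            principal = principal.get("AWS")
        for p in as_list(principal):
            if classify_principal(p) == "legacy-email":
                findings.append((i, f"legacy email principal: {p}"))
        # Assumed definition of full access: every action on every resource.
        all_actions = any(a in ("*", "s3:*") for a in as_list(stmt.get("Action")))
        all_resources = any(r in ("*", "arn:aws:s3:::*") for r in as_list(stmt.get("Resource")))
        if stmt.get("Effect") == "Allow" and all_actions and all_resources:
            findings.append((i, "grants full access"))
    return findings

# Constructed sample policy: the IDs and names below are placeholders.
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": ["account@noobaa.io"]},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::1234:user/alice"},
     "Action": ["s3:*"], "Resource": ["*"]},
]})
```

Calling `audit_policy(SAMPLE)` reports the email-format principal in statement 0 and the full-access grant in statement 1.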