This project was inspired by a real-world cloud management challenge, where I took on the role of a Cloud Specialist responsible for improving both efficiency and security in an AWS environment. The goal was clear: migrate 100 users into a new AWS Identity and Access Management (IAM) structure while ensuring that every account followed modern security best practices — starting with Multi-Factor Authentication (MFA).
At first glance, this might sound like a straightforward administrative task. But in practice, manually creating and configuring each user in the AWS console would have been time-consuming, error-prone, and difficult to maintain at scale. That’s when I shifted my focus toward automation.
Using AWS CLI and Shell scripting within Git Bash, I designed a fully automated workflow to handle user creation, group assignments, and MFA enforcement. Every command was scripted, tested, and validated to ensure reliability and repeatability. This approach transformed what would have taken hours — or even days — of manual effort into a streamlined, consistent process that completed in minutes.
Beyond migration, the project also emphasized security hardening and account lifecycle management. I implemented verification steps to confirm successful MFA activation and developed logs to track any anomalies during the migration. The result was a solution that not only worked efficiently but could be reused and scaled for future identity rollouts.
More than just a technical exercise, this project reinforced my belief that automation is central to sustainable cloud operations. It showed how the right combination of scripting, cloud tools, and security practices can reduce overhead, minimize risk, and bring structure to even the most complex environments.
Part 1 – PrePlanning Steps
- Automation Script for creating users by ‘AWS CLI’ from CloudShell;
- Converting the ‘user migration spreadsheet’ according to the script (”column names” and “.csv format”)
- Run Automation Script;
- Validate users created.
Automation AWS CLI Script:
Sample List of Users
A test file with more than 100 user accounts was provided, with the flexibility to scale the list as needed for the migration of application users to the cloud-based platform.
Cleaning the file received
As part of the migration workflow, we first focused on cleaning and normalizing the user data received in the initial test file. The dataset contained over 100 user records, but the group names were inconsistent with the naming conventions defined in our target cloud environment.
To address this, we implemented a data preprocessing step to ensure alignment between the input file and the system’s IAM structure. This included:
- Renaming group identifiers in the file to match the standardized naming format used in AWS IAM.
- Adding default passwords for each user account to facilitate initial access during migration.
- Ensuring that all users were prompted to reset their passwords upon first login, maintaining compliance with security best practices.
These preparatory activities were essential to maintain data integrity, security consistency, and automation reliability throughout the migration process. By resolving discrepancies before execution, we minimized potential authentication errors and ensured a seamless transition once the automated scripts were deployed.
AWS Cloud Shell(Comes with AWS CLI Installed)
3. Upload the script being used to create the user
The script Output
Validate in AWS Console if the users were created successfully
Validate the users are in the proper group
Add the Change my password permissions to the group, to allow users to change their password
Test out changing the user password
Adding additional security by adding Multi Factor Authentication
Selecting the MFA Device we want to use for the root user(We can also enable this for all the users if required during the setup process)
Installing the Authentication app on your phone
Get the google authentication codes from your phone
Once this is done logout and test using the authentication app to ensure security has been correctly installed and setup