iam user needs either console access or access key in order to interact with aws?

Question

I created a user "data_eng1" with policies to use AWS glue. now, without console access and access keys disabled - this user has no way to interact with AWS at all?

I need to enable either console or access keys(AWS cli) ? at minimum, it needs to have at least 1 of these? attached policy gives permission, but there is no way I can login or AWS cli into AWS without 1 of these 2?

I'm trying to login to AWS — to do this I need at least 1 out of 2: access keys generated (so I can use cli), or console enabled, right?

Answer 1

Yes, you do need to have some kind of credentials to use either cli or the console (either long-term user's credentials or short-term session credentials).

Attached policy gives you authorization to do stuff, but AWS needs to perform authentication first (bind your API requests from the console or cli to a user or a role). That's what the tokens do

Answer 2

You cannot interact with AWS without either enabling console access or use IAM roles. A good practice would be to let users federate into AWS environment and not using long-term access keys for day to day tasks. Federated identities have short-lived credentials with configurable expiration time