Creating an AWS Administrative User: Step-by-Step

AWS Administrative User: Once you’ve created your AWS account, it’s critical to follow best security practices. The first thing AWS recommends is not to use the root account for everyday tasks. Instead, you should create a dedicated Administrative IAM user with full permissions to manage your AWS resources.

In this guide, we’ll walk through the steps to create an administrative user in AWS, assign permissions, and enable secure access.

Why Not Use the Root User?

The root user has unrestricted access to your entire AWS account, including sensitive billing information and service limits. Using it regularly increases the risk of accidental or malicious changes.

Best practice: Use the root user only for initial setup and critical tasks, then create a separate IAM user with admin access for daily operations.

Prerequisites

  • A valid AWS account.
  • Access the AWS Management Console using the root user.

Step-by-Step Guide to Create an AWS Administrative User

Step 1: Sign in as the Root User

  1. Go to the AWS Console: https://console.aws.amazon.com/
  2. Sign in using the root user email and password.

Follow this article to create a free AWS account and sign in with the Root user.

Step 2: Open the IAM Service

  1. In the AWS Console, go to the Services menu.
  2. Search for IAM Identity Center and open it.
AWS Administrative User, Step-by-Step Guide to Create an Administrative IAM User

3. Enable IAM Identity Center: Click on the Enable button.

Step-by-Step Guide to Create an Administrative IAM User

4. Finally, enable it under Enable IAM Identity Center with AWS Organizations.

Creating an AWS Administrative User

Step 3: Add a New IAM User

  1. In the IAM Identity Center dashboard, click on “Users” in the left menu.
Creating an AWS Administrative User

2. Click the “Add user” button.

Creating an AWS Administrative User

Step 4: Configure User Details

  1. Enter a username, such as admin.
  2. Under Password, choose:
    • Send an email link to set up a password
    • Generate a one-time password
  3. Enter other user details: Email, First name, Last name, etc.
  4. Click “Next”.
Creating an AWS Administrative User

5. Add the user to groups (optional), then click Next.

Creating an AWS Administrative User

6. Review and add the user.

Creating an AWS Administrative User

7. Finally, you will see a successfully added user notification.

Creating an AWS Administrative User

Step 5: Set Permissions

1. In the IAM Identity Center dashboard, click on “Permission sets” in the left menu. After that, click on the “Create permission set” button.

Creating an AWS Administrative User

2. Select permission set type and Policy: Choose predefined permission set type and to grant full administrative access, choose AdministratorAccess policy.

Creating an AWS Administrative User

3. Specify permission set details: fill in the name, description, session duration, etc, and click the Next button.

Creating an AWS Administrative User

4. Review and create: review the permission set details and click on the Create button. After that, you will see the permission set created successfully with a notification with administrative access.

Creating an AWS Administrative User
Creating an AWS Administrative User

Step 6: Assign users to AWS account and Review

1. In the IAM Identity Center dashboard, click on “AWS accounts” in the left menu. After that, click on the “Assign users or groups” button.

Creating an AWS Administrative User

2. Select users and groups: choose created user (admin) here and click Next button.

aws iam identity center aws account step 1 min

3. Select permission sets: choose created permission set (AdministratorAccess) here and click the Next button.

aws iam identity center aws account step 2 min

4. Finally, review and submit.

Creating an AWS Administrative User

Step 7: Create and Save Credentials

After the user is created, you will see A Sign-in link for the IAM user. Set up the new password here.

Creating an AWS Administrative User

👉 Save these securely! You won’t be able to see the secret access key again.

The IAM user can now access the AWS Console at:

https://[your-account-alias].signin.aws.amazon.com/console

Extra Security Steps (Recommended)

Enable MFA (Multi-Factor Authentication) for IAM User

  1. Go to IAM > Users.
  2. Click on the IAM username.
  3. Select the “Security Credentials” tab.
  4. Click “Assign MFA device” and follow the instructions to set up using an authenticator app like Google Authenticator or Authy.
keep your account secure min

Create an Account Alias

This makes your IAM sign-in URL easier to remember:

  1. Go to IAM > Dashboard.
  2. Click on “Customize” next to the Account Alias section.
  3. Enter a custom name, such as mycompany-admin.

Your new IAM login URL will be: https://mycompany-admin.signin.aws.amazon.com/console

Conclusion

Creating an AWS administrative user is a critical first step in securing your AWS account. With this in place, you can safely manage AWS resources without exposing the powerful root account to everyday risks.

Remember:

  • Use the root user only when necessary.
  • Secure all IAM users with MFA.
  • Monitor usage with IAM policies and CloudTrail.

Share with friends

Leave a Comment

Your email address will not be published. Required fields are marked *