aws iam

This article shows how to create a user with administrative access in IAM Identity Center using the AWS Management Console.
You shouldn't use your AWS account root user for everyday tasks.

Reference

Prerequisite

  • Have an AWS account root user

Workflow

  1. Create New User
  2. Create New Permission Set
  3. Assign Permission Set to User
  4. Access AWS Management Console

1. Create New User

Sign in to the AWS Management Console using your AWS account root user email.

Sign in form

Sign in form using root user

Go to IAM Identity Center and enable it.

How to access IAM Identity Center

Click “Users” in IAM Identity Center.

Users in IAM Identity Center

Click “Add user” and fill in the primary information; the other fields are optional.
I selected “Send an email to this user with password setup instructions” this time.

User Primary Information

Click “Next”; you can then optionally add the user to groups.
Click “Add user” to complete the process.

The user will receive an email invitation.
Click “Accept invitation”.
Set a password and turn on multi-factor authentication (MFA).
I chose “Authenticator apps” and used Google Authenticator.
After setup, you can access the AWS access portal.
From then on, use the AWS access portal URL in the email to sign in.

2. Create New Permission Set

To grant administrative access, create a permission set.
Return to IAM Identity Center as your AWS account root user and click “Permission sets”.

Permission sets in IAM Identity Center

Click “Create permission set”.
Select “Predefined permission set” and “AdministratorAccess”.

Select permission set type

Other fields are optional. Click “Create” to finish.

3. Assign Permission Set to User

Click “AWS accounts” in IAM Identity Center.

AWS accounts in IAM Identity Center

Select your AWS account root user and click “Assign users or groups”.
Click the “Users” tab and select the user that you created, then click “Next”.
Select the AdministratorAccess permission set, then click “Next”.
Click “Submit”. The user is assigned to your AWS account root user with administrative access.

4. Access AWS Management Console

Verify that you can access the AWS Management Console using the user with administrative access.

Open the AWS access portal using the link in the email you received when you created the user.

Click “AdministratorAccess” to open the AWS Management Console.

AWS access portal
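The same four steps can be scripted with the AWS CLI v2 `identitystore` and `sso-admin` commands instead of clicking through the console. The script below is an added example, not part of the original article: it assumes IAM Identity Center is already enabled, that the CLI is configured with credentials allowed to administer it, and it uses placeholder values for the account ID, user name and email (`ACCOUNT_ID`, `USER_NAME`, `USER_EMAIL`). With `DRY_RUN=1` (the default) every `aws` call is printed rather than executed, so the commands can be reviewed offline before running them for real with `DRY_RUN=0`.

```shell
#!/usr/bin/env bash
# Added example (not the article's own steps): create an Identity Center user,
# an AdministratorAccess permission set, and assign it to one AWS account.
set -eu

DRY_RUN="${DRY_RUN:-1}"
ACCOUNT_ID="${ACCOUNT_ID:-111122223333}"            # placeholder account id
USER_NAME="${USER_NAME:-admin.user}"                # placeholder user name
USER_EMAIL="${USER_EMAIL:-admin.user@example.com}"  # placeholder email
PERMISSION_SET_NAME="AdministratorAccess"
ADMIN_POLICY_ARN="arn:aws:iam::aws:policy/AdministratorAccess"

# Execute an aws command, or just print it when rehearsing (DRY_RUN=1).
run() {
  if [ "$DRY_RUN" = "1" ]; then
    echo "$*"
  else
    "$@"
  fi
}

# Step 0: locate the Identity Center instance and its identity store.
# Placeholders are used in DRY_RUN mode so the later commands still render.
lookup_instance() {
  if [ "$DRY_RUN" = "1" ]; then
    INSTANCE_ARN="arn:aws:sso:::instance/ssoins-PLACEHOLDER"
    IDENTITY_STORE_ID="d-PLACEHOLDER"
  else
    INSTANCE_ARN=$(aws sso-admin list-instances --query 'Instances[0].InstanceArn' --output text)
    IDENTITY_STORE_ID=$(aws sso-admin list-instances --query 'Instances[0].IdentityStoreId' --output text)
  fi
}

# Step 1: create the user in the identity store; prints the new UserId when run for real.
create_user() {
  run aws identitystore create-user \
    --identity-store-id "$IDENTITY_STORE_ID" \
    --user-name "$USER_NAME" \
    --display-name "$USER_NAME" \
    --name "GivenName=$USER_NAME,FamilyName=User" \
    --emails "Value=$USER_EMAIL,Type=work,Primary=true" \
    --query UserId --output text
}

# Step 2: create the permission set and attach the AWS managed AdministratorAccess policy.
create_permission_set() {
  run aws sso-admin create-permission-set \
    --instance-arn "$INSTANCE_ARN" \
    --name "$PERMISSION_SET_NAME" \
    --session-duration PT1H \
    --query PermissionSet.PermissionSetArn --output text
}

attach_admin_policy() {  # $1 = permission set ARN
  run aws sso-admin attach-managed-policy-to-permission-set \
    --instance-arn "$INSTANCE_ARN" \
    --permission-set-arn "$1" \
    --managed-policy-arn "$ADMIN_POLICY_ARN"
}

# Step 3: assign the permission set to the user for the target account.
assign_to_account() {  # $1 = permission set ARN, $2 = user id
  run aws sso-admin create-account-assignment \
    --instance-arn "$INSTANCE_ARN" \
    --target-id "$ACCOUNT_ID" --target-type AWS_ACCOUNT \
    --permission-set-arn "$1" \
    --principal-type USER --principal-id "$2"
}

# Step 4: verify the assignment exists (the CLI counterpart of signing in via the portal).
verify_assignment() {  # $1 = permission set ARN
  run aws sso-admin list-account-assignments \
    --instance-arn "$INSTANCE_ARN" \
    --account-id "$ACCOUNT_ID" \
    --permission-set-arn "$1"
}

main() {
  lookup_instance
  if [ "$DRY_RUN" = "1" ]; then
    create_user; user_id="PLACEHOLDER-USER-ID"
    create_permission_set; ps_arn="arn:aws:sso:::permissionSet/ssoins-PLACEHOLDER/ps-PLACEHOLDER"
  else
    user_id=$(create_user)
    ps_arn=$(create_permission_set)
  fi
  attach_admin_policy "$ps_arn"
  assign_to_account "$ps_arn" "$user_id"
  verify_assignment "$ps_arn"
}

main "$@"
```

Keeping `AdministratorAccess` as a named permission set with a short session duration (`PT1H` here) mirrors the console's predefined choice while limiting how long a stolen portal session stays valid; the final `list-account-assignments` call is the scriptable way to confirm the assignment from step 3 before testing the sign-in described in step 4.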