AWS User Management: Guide to Creating an Admin User

Creating a user with administrative access in AWS involves creating an IAM user in the AWS Management Console. Below are the detailed steps:

Step 1: Sign in to the AWS Management Console

  • If you do not have an AWS account yet, sign up for a free one.

  • Navigate to the AWS Management Console.

  • Sign in using your root account.

Step 2: Secure your AWS account root user

To secure your account root user, turn on multi-factor authentication (MFA) for your root user.

  • Download and install a virtual authenticator app on your device (smartphone), for example Microsoft Authenticator. For a list of supported authenticator apps, see the AWS documentation.

  • On the right side of the navigation bar of the AWS Management Console, click your account name and choose Security credentials.

  • In the Multi-Factor Authentication (MFA) section, choose Assign MFA device.

  • Type the device name (e.g., Google-Authenticator), choose Authenticator app, and then choose Next.

    IAM generates and displays configuration information for the authenticator app, including a QR code graphic.

  • Open the authenticator app on your device (smartphone).

  • Use the app to scan the QR code to configure it. This is the easiest way, but if you cannot scan the code, you can type the configuration information manually.

    • To use the QR code to configure the app, from the wizard, choose Show QR code. Then follow the app instructions for scanning the code. For example, you might need to choose the camera icon or choose a command like Scan account barcode, and then use the device's camera to scan the QR code. Amazon Web Services will be added to the app automatically.

    • To configure manually, in the Set up device wizard, choose Show secret key, and then type the secret key into your MFA app. The device starts generating six-digit numbers.

  • In the MFA code 1 box, type the one-time password that currently appears in the authenticator app. Wait up to 30 seconds for the device to generate a new one-time password. Then type the second one-time password into the MFA code 2 box. Choose Add MFA.

    Ensure you submit your request immediately. If you delay submitting, the MFA device will successfully associate with the user, but the MFA device will be out of sync. If this happens, you can resync the device.

Step 3: Create a New User

  • In the search bar, type IAM and select IAM from the search results. This will take you to the Identity and Access Management (IAM) dashboard.

  • Click on Users in the Access management category on the left-hand menu.

Click Create user.

Step 4: Set User Details

  • In the User name field, enter the desired username.

  • Select the check box “Provide user access to the AWS Management Console”.

  • Under User type, choose the type of access the user will need:

    • Specify a user in Identity Center

    • I want to create an IAM user

  • If you selected “I want to create an IAM user”, choose an option for the password:

    • Autogenerated password: AWS will generate a temporary password.

    • Custom password: You provide your own password.

Click Next.

Step 5: Set permissions

  • On the Set permissions page, select Attach policies directly.

  • Search for and select the AdministratorAccess policy. This grants full administrative access to all AWS resources.

Click Next.

Step 6: Review and Create

  • Add Tags (Optional): You can add metadata to the user, such as Key: Department and Value: IT.

  • Review the details you have entered.

  • Click Create user.

Step 7: Save User Credentials

  • On the final page, you'll see the user's sign-in credentials. Save these credentials securely. You will not be able to view them again.

  • Download the .csv file with the credentials or copy them to a secure location.

Step 8: Test the User

  • Log out of your current session.

  • Click the console sign-in URL provided with the credentials.

  • Enter the user name and password, then sign in.

  • Change the password when prompted.

  • Verify that the user has administrative permissions by accessing various services.

Additional Security Best Practices:

  • Enable Multi-Factor Authentication (MFA) for the new user:

    • Go back to the IAM dashboard.

    • Select Users, then the new user.

    • Choose the Security credentials tab and click Manage MFA.

    • Follow the instructions to set up MFA for enhanced security.

  • Avoid using the root account for daily tasks. Use the administrative user instead.