The root user has unrestricted access to, and control over, all the resources in an AWS account. Using the root user for regular activities is inconsistent with the principles of least privilege and separation of duties.
The root account should be used only for activities that require root credentials, such as Billing or managing AWS accounts through Organizations. It should not be used to manage the AWS account for other activities.
As a security best practice, create an Admin user that belongs to an Admin group and use this Admin user to operate the AWS account.
This article shows how to create an Admin user in AWS.
The steps to create an IAM Admin user in AWS are as follows:
1. Log in to the AWS Management Console and navigate to the IAM service.
2. Under Access management on the IAM dashboard, go to Users.
3. On the Users page, click on Add users.
4. Provide a user name for the Admin user that you want to create and check the Enable console access option. Select the appropriate options under the Console password section and click on Next.
5. (Optional) If you do not already have an Admin group, you can create one in this step; otherwise skip to step 8. Click on Create group.
6. Provide a name for the Admin group and select the AdministratorAccess policy under the Permissions policies section.
7. Click on Create user group. This creates the Admin group to which we will add our Admin user.
8. Select the Admin group to which you want to add the Admin user and click on the Next button.
9. Adding tags is optional, but it is a good practice. In this step, add tags for the Admin user as appropriate and click on Create user.
10. Save or securely share the user details required for the Admin user to sign in to the AWS account and click on the Return to users list button.
11. In the Users list, we can see that the Admin user has been created and added to the Admin group.
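
The same procedure scripted with the AWS CLI, as an added example that is not part of the original article. The user, group and tag values are supplied by the caller; the `Owner` tag key, the `ADMIN_TEMP_PASSWORD` variable and the forced password reset are assumptions, and the script expects the AWS CLI to be configured with credentials that can manage IAM.

```shell
# Added example: AWS CLI equivalent of the console steps above.
ADMIN_POLICY_ARN="arn:aws:iam::aws:policy/AdministratorAccess"

# Steps 5-7: create the Admin group only if it is missing, then attach
# the AWS-managed AdministratorAccess policy to it.
ensure_admin_group() {
  local group="$1"
  if ! aws iam get-group --group-name "$group" >/dev/null 2>&1; then
    aws iam create-group --group-name "$group" >/dev/null || return 1
  fi
  aws iam attach-group-policy --group-name "$group" \
    --policy-arn "$ADMIN_POLICY_ARN"
}

# Steps 3-4 and 8-10: create the tagged user, enable console access with a
# temporary password that must be changed at first sign-in (assumed choice
# for the "Console password" options), and add the user to the group.
create_admin_user() {
  local user="$1" group="$2" password="$3" owner="$4"
  ensure_admin_group "$group" || return 1
  # "Owner" is a hypothetical tag key; use your own tagging scheme.
  aws iam create-user --user-name "$user" \
    --tags "Key=Owner,Value=$owner" >/dev/null || return 1
  aws iam create-login-profile --user-name "$user" \
    --password "$password" --password-reset-required >/dev/null || return 1
  aws iam add-user-to-group --user-name "$user" --group-name "$group"
}

# Step 11: confirm the user really is a member of the group.
user_in_group() {
  local user="$1" group="$2" memberships g
  memberships=$(aws iam list-groups-for-user --user-name "$user" \
    --query 'Groups[].GroupName' --output text) || return 1
  for g in $memberships; do
    [ "$g" = "$group" ] && return 0
  done
  return 1
}

# Usage: sh create-admin.sh <user> <group> <owner>
# The temporary password is taken from ADMIN_TEMP_PASSWORD (hypothetical name).
if [ "$#" -eq 3 ]; then
  create_admin_user "$1" "$2" \
    "${ADMIN_TEMP_PASSWORD:?set a temporary password}" "$3" &&
    user_in_group "$1" "$2" && echo "$1 is a member of $2"
fi
```

Because the group check runs first, the script can be re-run to add further Admin users to an existing group without recreating it.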