Introduction
The root user has unrestricted access to and control over all the resources in an AWS account. Using the root user for regular activities is inconsistent with the principles of least privilege and separation of duties.
The root account should be used only when performing an activity that requires root credentials, like Billing, or managing AWS accounts through Organizations. It should not be used for any other activity in the AWS account.
As per security best practices, one should create an Admin user as part of an Admin group and use this Admin user to operate the AWS account.
In this article, we will take a look at how to create an Admin user in AWS.
Create an IAM Admin user in AWS
The following are the steps to create an IAM Admin user in AWS:
1. Log in to the AWS Management Console and navigate to the IAM service
2. Under Access management on the IAM dashboard, go to Users
3. On the Users page, click on Add users
4. Provide a user name for the Admin user that you want to create and check the Enable console access option. Select the appropriate options under the Console password section and click on Next
5. (Optional) If you do not have an Admin group already, you can create one in this step, else skip to step 8. Click on Create group
6. Provide a name for the Admin group and select the AdministratorAccess policy under the Permissions policies section
7. Click on Create user group and this will create an Admin group in which we will add our Admin user
8. Now select the Admin group to which you want to add the Admin user and click on the Next button
9. Adding tags is optional but it is a good practice. In this step, add tags for the Admin user as appropriate and click on Create user
10. Save or securely share the user details required for the Admin user to sign in to the AWS account and click on the Return to users list button
11. In the Users list, we can see that the Admin user has been created and added to the Admin group
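The same procedure can be scripted with the AWS CLI. The function below is an added example, not part of the original article; the function name, the tag key and value, and the user and group names in the usage comment are placeholders chosen for illustration.

```shell
# Added example: AWS CLI equivalent of the console procedure above.
# Assumes the AWS CLI is installed and the caller is allowed to manage IAM.
create_admin_user() {
  local user="$1"
  local group="$2"
  local password="$3"
  local policy_arn="arn:aws:iam::aws:policy/AdministratorAccess"

  # Optional group step: create the Admin group only if it does not exist,
  # then attach the AWS managed AdministratorAccess policy to it.
  if ! aws iam get-group --group-name "$group" >/dev/null 2>&1; then
    aws iam create-group --group-name "$group" >/dev/null || return 1
    aws iam attach-group-policy --group-name "$group" \
      --policy-arn "$policy_arn" || return 1
  fi

  # Create the user and tag it (tag key and value are placeholders).
  aws iam create-user --user-name "$user" \
    --tags Key=Purpose,Value=AccountAdministration >/dev/null || return 1

  # Enable console access and force a password change at first sign-in.
  aws iam create-login-profile --user-name "$user" \
    --password "$password" --password-reset-required >/dev/null || return 1

  # Add the user to the Admin group; permissions come from the group only.
  aws iam add-user-to-group --user-name "$user" \
    --group-name "$group" || return 1

  # Confirm the membership, as the Users list does in the console.
  aws iam list-groups-for-user --user-name "$user" \
    --query 'Groups[].GroupName' --output text
}

# Usage (placeholder names); prompt for the password instead of typing it
# on the command line so it does not end up in shell history:
#   read -rs -p 'Initial password: ' pw
#   create_admin_user admin-jdoe Admins "$pw"
```

The initial password is still passed to `aws` as a command-line argument, so run this from a trusted workstation and rely on the forced reset at first sign-in.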

Riyaz Walikar
Founder & Chief of R&D
Riyaz is the founder and Chief of R&D at Kloudle, where he hunts for cloud misconfigurations so developers don’t have to. With over 15 years of experience breaking into systems, he’s led offensive security at PwC and product security across APAC for Citrix. Riyaz created the Kubernetes security testing methodology at Appsecco, blending frameworks like MITRE ATT&CK, OWASP, and PTES. He’s passionate about teaching people how to hack—and how to stay secure.
