The root user has unrestricted access and control over all the resources in an AWS account. Using root user for regular activities is inconsistent with the principles of least privilege and separation of duties.
The root account should be used only when performing an activity that requires root credentials, like Billing, or managing AWS accounts through Organizations. It is not to be used to manage the AWS account for other activities.
As per the security best practices, one should create an Admin user as part of the Admin group and use this Admin user to operate the AWS account.
In this article we will take a look at how to create an Admin user using AWS CLI.
Following are the steps to create an IAM Admin user using AWS CLI:
Create an IAM user by running the following command
aws iam create-user --user-name <IAM_username>
(Optional) If you have not created an Admin group already, you can create one in this step, else skip to step 5. Run the following command to create a user group
aws iam create-group --group-name <Group_name>
Attach the AdministratorAccess policy to the group created
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AdministratorAccess --group-name <Group_name>
To check if the policy has been attached to the group, you can check by running the following command
aws iam list-attached-group-policies --group-name <Group_name>
Add the Admin user to the Admin group by running the following command
aws iam add-user-to-group --user-name <User_name> --group-name <Group_name>
To check if the user got added to the group, run the following command
aws iam list-groups-for-user --user-name <User_name>