Create an admin user
Warning
This uses the AWS Identity Center, not IAM.
Create the new user profile
Create the user, completing the fields as prompted. In the end, the user will exist but have no access.
Create an administrative permission set
Permission sets are stored in IAM Identity Center and define the level of access that users and groups have to an AWS account.
Create the new set and choose AdministratorAccess from the list of predefined permission sets.
Assign the AdministratorAccess permission set to the user
You must assign the user to the AdministratorAccess permission set.
From Multi-account permissions, choose AWS accounts. Tick the box next to each account to which you want to assign access and choose Assign users or groups. Select the user, then on the next page, select the AdministratorAccess permission set.
Review the options, then select Submit and wait for the process to complete.
Note: Do not close the page until the process completes.
Note: Enabling MFA for this account is highly recommended.
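The same steps (create the user, create the permission set, assign it and wait for completion) can be scripted with the AWS CLI. This is an added example, not part of the original page: the function names, user details and account ID are illustrative, and it assumes a recent AWS CLI with credentials allowed to administer IAM Identity Center. From the CLI, the predefined AdministratorAccess set is created as a permission set with the AWS managed policy of the same name attached.

```shell
#!/usr/bin/env bash
# Added example: CLI equivalent of the console steps. All IDs and user details
# supplied by the caller are assumptions, not values from the original page.

ADMIN_POLICY_ARN="arn:aws:iam::aws:policy/AdministratorAccess"

# Create the user in the Identity Center directory; prints the new UserId.
create_user() {  # args: identity_store_id user_name given_name family_name email
  aws identitystore create-user --identity-store-id "$1" --user-name "$2" \
    --display-name "$3 $4" --name "GivenName=$3,FamilyName=$4" \
    --emails "Value=$5,Type=work,Primary=true" \
    --query UserId --output text
}

# Create a permission set and attach one AWS managed policy; prints its ARN.
create_permission_set() {  # args: instance_arn name managed_policy_arn
  local ps_arn
  ps_arn=$(aws sso-admin create-permission-set --instance-arn "$1" --name "$2" \
    --query PermissionSet.PermissionSetArn --output text) || return 1
  aws sso-admin attach-managed-policy-to-permission-set --instance-arn "$1" \
    --permission-set-arn "$ps_arn" --managed-policy-arn "$3" >/dev/null || return 1
  echo "$ps_arn"
}

# Assign the permission set to the user in one account, then poll until the
# asynchronous assignment finishes (the console's "wait for the process").
assign_user() {  # args: instance_arn account_id permission_set_arn user_id
  local req status
  req=$(aws sso-admin create-account-assignment --instance-arn "$1" \
    --target-id "$2" --target-type AWS_ACCOUNT --permission-set-arn "$3" \
    --principal-type USER --principal-id "$4" \
    --query AccountAssignmentCreationStatus.RequestId --output text) || return 1
  while :; do
    status=$(aws sso-admin describe-account-assignment-creation-status \
      --instance-arn "$1" --account-assignment-creation-request-id "$req" \
      --query AccountAssignmentCreationStatus.Status --output text) || return 1
    [ "$status" = "IN_PROGRESS" ] || break
    sleep 2
  done
  [ "$status" = "SUCCEEDED" ]   # non-zero exit status if the assignment FAILED
}

# Usage after sourcing this file (IDs come from `aws sso-admin list-instances`):
#   uid=$(create_user "$STORE_ID" jdoe Jane Doe jane@example.com)
#   ps=$(create_permission_set "$INSTANCE_ARN" AdministratorAccess "$ADMIN_POLICY_ARN")
#   assign_user "$INSTANCE_ARN" 111122223333 "$ps" "$uid"
```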
Assign least privilege permission set
For the same user, you should also assign permission sets with less access than AdministratorAccess. For example, if you assign the SystemAdministrator permission set, you can do most things besides managing users and groups. When you sign in to the AWS console, you can choose which permission set you require. You can select the least privileged one for daily work and only elevate to higher privileges when needed.
Example sign-in screen where you can choose between permission sets