Create an admin user

Create an admin user in the IAM Identity Center

Create the new user profile

Create the user, completing the fields as prompted. At the end of this step, the user exists but has no access.

Create an administrative permission set

Permission sets are stored in IAM Identity Center and define the level of access that users and groups have to an AWS account.

Create the new set and choose AdministratorAccess from the list of predefined permission sets.

Assign the AdministratorAccess permission set to the user

You must assign the AdministratorAccess permission set to the user.

From Multi-account permissions, choose AWS accounts. Tick the box next to each account to which you want to assign access, and choose Assign users or groups. Select the user, then on the next page, select the AdministratorAccess permission set.

Review the options, then select Submit and wait for the process to complete.

Note: Do not close the page until the process completes.

Note: Enabling MFA for this account is highly recommended.

Assign least privilege permission set

For the same user, you should also assign permission sets with less access than AdministratorAccess. For example, if you assign the SystemAdministrator permission set, you can do most things besides managing users and groups. When you sign in to the AWS console, you can choose which permission set you require. You can select the least privileged one for daily work and elevate to higher privileges only when needed.
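To check that this advice and the MFA recommendation above are actually followed, the sketch below audits a list of account assignments. It is an added example, not part of the original page: the record layout, the function name and the sample data are assumptions, with permission set ARNs and principal IDs taken to be already resolved to names.

```python
from collections import defaultdict

ADMIN_SET = "AdministratorAccess"
ADMIN_ONLY = "admin-only: no lower-privilege permission set for daily work"
NO_MFA = "admin access without a registered MFA device"

# Constructed sample data (not from the page): one record per account
# assignment, with the user and permission set shown by name.
SAMPLE_ASSIGNMENTS = [
    {"account": "111111111111", "user": "alice", "permission_set": "AdministratorAccess"},
    {"account": "111111111111", "user": "alice", "permission_set": "SystemAdministrator"},
    {"account": "222222222222", "user": "alice", "permission_set": "AdministratorAccess"},
    {"account": "111111111111", "user": "bob", "permission_set": "AdministratorAccess"},
    {"account": "222222222222", "user": "carol", "permission_set": "SystemAdministrator"},
]

# Constructed sample data: users who have at least one MFA device registered.
SAMPLE_MFA_USERS = {"alice"}


def audit_admin_assignments(assignments, mfa_users):
    """Return (user, account, reason) findings for risky admin assignments."""
    # Group the permission sets each user holds in each account.
    sets_by_pair = defaultdict(set)
    for record in assignments:
        key = (record["user"], record["account"])
        sets_by_pair[key].add(record["permission_set"])

    findings = []
    for (user, account), sets in sorted(sets_by_pair.items()):
        if ADMIN_SET not in sets:
            continue  # no admin access in this account, nothing to flag
        if sets == {ADMIN_SET}:
            # The user can only ever sign in to this account as administrator.
            findings.append((user, account, ADMIN_ONLY))
        if user not in mfa_users:
            findings.append((user, account, NO_MFA))
    return findings


if __name__ == "__main__":
    for user, account, reason in audit_admin_assignments(
        SAMPLE_ASSIGNMENTS, SAMPLE_MFA_USERS
    ):
        print(f"{user} in {account}: {reason}")
```
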

[Image: Example sign-in screen where you can choose between permission sets]
Last modified July 21, 2024: update (e2ae86c)