Creating an AWS IAM Admin User and Group


It is bad practice to use your root AWS account for Administration tasks so this article shows how to create a new IAM Admin User and Group.

You will need to log on as root in order to complete these steps.

First of all we need to grant access to billing information to the IAM user we are going to create. To do this navigate to your user at the top right of the AWS console and click on My Account. Scroll down the page until you see IAM User and Role Access to Billing Information.

Now Activate IAM Access and click on Update.

Navigate to the IAM service and choose Users from the menu. No select Add User. Enter your user name (suggested: Administrator), select AWS Management Console Access and enter a custom password.

Once you are done click on Next: Permissions.

Now select Create Group and enter a group name of Administrators. Click on Filter policies and check AWS managed – job function.

Now check AdministratorAccess and click Create Group.

You will now be able to see the group in the Group list. If you cannot then click refresh and make sure it is selected.

Add tags to help identify the user if required (recommended).

Move to the final step and you can download the credentials and email the details to the user.