Use AWS
Setting up for the first time
The following steps will get you from nothing with AWS to having an admin IAM user and a root user within a root account.
Go to the AWS Console and create a root user
You now have a root user within your root account that can log in via email/password. This user does not show up in IAM and should only be used for billing/account management.
On the top navigation bar, click on your username and click on My Security Credentials
Set up Multi-Factor Authentication for this root user in the root account
Go to IAM and create an IAM user with:
AWS Management Console access enabled
Programmatic access disabled
Autogenerated password
Checked checkbox that says to reset the password on first login
Attach the AdministratorAccess policy (Attach existing policies directly)
Take note of:
The generated password
The IAM user's username
Your Account ID
Log out of the root user
Go to the AWS Console and sign in using the IAM user
Enter your Account ID
Enter your IAM user's username and auto-generated password
Set your actual password this time
Set up Multi-Factor Authentication for this IAM user that is in the root account.
You now have an admin IAM user within your root account. This user will show up in IAM and should only be used for creating other users (e.g. for Terraform/other admins).
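The end state of the steps above can be checked from the IAM credential report (aws iam generate-credential-report, then aws iam get-credential-report). The following is an added example, not part of the original page: the report rows and account ID are constructed, the sample carries only a subset of the report's columns, and the function name and the console_only_users parameter are hypothetical.

```python
import csv
import io

# Constructed sample: a subset of the columns found in an IAM credential report.
# The account ID and user names are made up for illustration.
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111111111111:root,not_supported,true,false,false
admin,arn:aws:iam::111111111111:user/admin,true,true,false,false
terraform-bootstrap,arn:aws:iam::111111111111:user/terraform-bootstrap,true,false,true,false
"""


def audit_credential_report(report_csv, console_only_users=()):
    """Return (user, finding) pairs where the account deviates from the setup above.

    console_only_users (hypothetical parameter) names the IAM users that were
    created with programmatic access disabled, such as the admin user.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        mfa = row["mfa_active"] == "true"
        has_key = "true" in (row["access_key_1_active"], row["access_key_2_active"])

        if user == "<root_account>":
            # The root user is reported under this fixed name.
            if not mfa:
                findings.append((user, "root user has no MFA"))
            if has_key:
                findings.append((user, "root user has an active access key"))
            continue

        # Any IAM user that can reach the console with a password needs MFA.
        if row["password_enabled"] == "true" and not mfa:
            findings.append((user, "console user has no MFA"))
        # The admin user was created with programmatic access disabled.
        if user in console_only_users and has_key:
            findings.append((user, "console-only user has an active access key"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_credential_report(SAMPLE_REPORT, ("admin",)):
        print(f"{user}: {finding}")
```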
Creating a sibling account
The following steps assume that the initial setup of a root user has been done and you are logged in as that root user in the root account.
Go to AWS Organizations
Create a new organization so that it is a child of the Root account and a sibling of your management account
Log out of your root user
Go to the AWS Console and sign in using the Root user
Enter the email of the sibling organization
Click on Forgot Password
Go to your email and click on the link to set the password of the root user of the sibling account
Follow the steps in the first-time setup to set up the root user and the IAM user for this sibling account