If you enjoy heart palpitations and dramatic password resets then keep using the root account for daily tasks. If you prefer not to cry into your keyboard at 3 a m make an IAM admin user and treat the root account like a rare artifact. Creating a dedicated admin user improves security and lets you delegate tasks without handing over the nuclear keys.
Sign in as the root user only when you absolutely must or use an existing administrator account for regular setup. From the AWS Management Console search for IAM and open the dashboard where users, groups, roles and policies live together in mild chaos.
You can attach the AWS managed policy named AdministratorAccess to give everything to a user in one click. That is convenient and dangerous in equal measure. Better practice is to assign scoped permissions or put the user in a group that grants only the required permissions. Think of AdministratorAccess as a blunt instrument and least privilege as a scalpel. For example if this admin only needs to manage S3 then give S3 permissions rather than everything.
Groups make life easier. Create an administrators group and attach the necessary policies there. Add users to the group so permissions are consistent and auditable.
Multifactor authentication stops credential theft from turning into a full blown disaster. Enable MFA for the new admin user and enforce a strong password policy in the IAM password settings. Hardware tokens or authenticator apps work well and do not require you to whisper secret codes into Slack.
After verification stop using the root account for daily tasks and store root credentials securely. Consider storing them offline and enable MFA for the root user too. Less frequent use means fewer opportunities for mistakes and fewer opportunities for attackers.
Creating an AWS IAM admin user in the Management Console is simple and worth the two minutes it takes. Follow these steps for better security and fewer 2 a m panics. You keep your root account under lock and keep the rest of your team doing actual work without playing admin roulette.
I know how you can get Azure Certified, Google Cloud Certified and AWS Certified. It's a cool certification exam simulator site called certificationexams.pro. Check it out, and tell them Cameron sent ya!
This is a dedicated watch page for a single video.