When you create a new AWS account, you should also set up the IAM service accordingly:
- Create an account alias (IAM dashboard → AWS Account sidebar).
- Add an admin user so you don’t use the root user every day: IAM → Users → Create Users
  - Specify user details
    - name it AWS admin
    - provide user access to AWS Management Console
    - select IAM user
    - choose a password
    - unselect “Users must create a new password at next sign-in” since we are not giving this account to someone else
  - Set permissions: attach policies directly
    - use “AdministratorAccess” AWS managed policy
- Set up MFA for IAM admin.
- Require all users to have MFA.
- Add an access key only if you need it.