A new AWS account starts out with root privileges by default, which means it has access to everything. Best practice is to avoid using root privileges whenever possible.
Instead of using root, create an Administrator user account (within your new AWS account) for day-to-day management. Then lock away the root privileges, bringing them out only when absolutely necessary.
Here’s a quick cheat sheet. For a more thorough guide, see the Reference section at the bottom of the page.
1. Log into AWS and go to the IAM service page
2. Create New Group (e.g. ‘Administrators’) if it does not already exist
3. Attach the AdministratorAccess policy
4. Add User (e.g. ‘Administrator’)
5. Choose AWS Management Console access
6. Under Set permissions, choose Add user to group
7. Choose Administrators (or the group name from step 2)
8. Add Tags if you like (Tagging IAM Entities)
9. Choose Create user on the review page
10. Log out as the root user and log into your new Administrator account
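To confirm the steps above took effect, the following added example (not part of the original cheat sheet) audits saved AWS CLI output for the group, the user and the root user. The function and sample names are hypothetical, and the two root checks go beyond the page's steps: they assume "lock away" means no root access keys and MFA enabled on the root user.

```python
# Added example: audit the admin-user setup from saved AWS CLI JSON output.
ADMIN_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"


def audit_admin_setup(summary, attached, group, user_name="Administrator"):
    """Return a list of findings; an empty list means nothing to fix.

    summary:  parsed JSON from `aws iam get-account-summary`
    attached: parsed JSON from
              `aws iam list-attached-group-policies --group-name <group>`
    group:    parsed JSON from `aws iam get-group --group-name <group>`
    """
    findings = []

    # The group must carry the AWS-managed AdministratorAccess policy.
    arns = {p.get("PolicyArn") for p in attached.get("AttachedPolicies", [])}
    if ADMIN_POLICY_ARN not in arns:
        findings.append("group is missing the AdministratorAccess policy")

    # The new user must actually be a member of that group.
    members = {u.get("UserName") for u in group.get("Users", [])}
    if user_name not in members:
        findings.append(f"user {user_name} is not in the group")

    # Root user checks. Fail closed: a missing counter is reported
    # the same way as a bad value.
    counters = summary.get("SummaryMap", {})
    if counters.get("AccountAccessKeysPresent") != 0:
        findings.append("root user has access keys")
    if counters.get("AccountMFAEnabled") != 1:
        findings.append("root user has no MFA device")
    return findings


# Constructed sample data (not real account output): the cheat sheet has
# been followed, but the root user still has no MFA device.
SAMPLE_SUMMARY = {"SummaryMap": {"AccountAccessKeysPresent": 0,
                                 "AccountMFAEnabled": 0,
                                 "Users": 1, "Groups": 1}}
SAMPLE_ATTACHED = {"AttachedPolicies": [{"PolicyName": "AdministratorAccess",
                                         "PolicyArn": ADMIN_POLICY_ARN}]}
SAMPLE_GROUP = {"Group": {"GroupName": "Administrators"},
                "Users": [{"UserName": "Administrator"}]}

if __name__ == "__main__":
    for finding in audit_admin_setup(SAMPLE_SUMMARY, SAMPLE_ATTACHED, SAMPLE_GROUP):
        print("FINDING:", finding)
```

For a real account, run the three `aws iam` commands named in the docstring as the new Administrator user, load each output with `json.load`, and pass the results in.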
Example IAM naming standards (Harvard)