For security reasons, I recommend you use the root account only for billing! So, the first thing is to create another user with fewer privileges:
Create a user with the following steps:
- Sign in to the AWS Management Console (https://console.aws.amazon.com/).
- Choose Security, Identity, & Compliance > IAM or search for IAM under Find services.
- In the IAM page, choose Add User.
- For User name, type newuser on the Set user details pane.
- For Select AWS access type, select the checkboxes next to Programmatic access and AWS Console access. Optionally, select Autogenerated password and Require password reset.
- Choose Next: Permissions.
Follow these steps to set the permission for the new user:
- Choose Create group.
- In the Create group dialog box, type Administrator for new group name.
- In the policy list, select the checkbox next to AdministratorAccess (note that, for non-proof of concept or non-development AWS environments, I recommend using more restricted access policies).
- Select Create group.
- Choose Refresh and ensure the checkbox next to Administrator is selected.
- Choose Next: Tags.
- Choose Next: Review.
- Choose Create user.
- Choose Download .csv and take a note of the keys and password. You will need these to access the account programmatically and log on as this user.
- Choose Close.
More details on creating a new user can be found at https://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started_create-admin-group.html.
As with the root account, I recommend you enable MFA:
- In the Management Console, choose IAM | User and choose newuser.
- Choose the Security Credentials tab, then choose Manage next to Assigned MFA device (shown as Not assigned).
- Choose a virtual MFA device and choose Continue.
- Install an MFA application such as Authy (https://authy.com/).
- Choose Show QR code, then scan the QR code with your smartphone. Click on the Account and generate an Amazon six-digit token.
- Type the six-digit token in the MFA code 1 box.
- Wait for your phone to generate a new token, which is generated every 30 seconds.
- Type the six-digit token into the MFA code 2 box.
- Choose Assign MFA.