Skip to main content

How to create super-admin-user

The super-admin-user user is necessary for performing administrative functions that IAM roles cannot, ensuring secure and controlled access to the root account while minimizing risks. These are the step-by-step instructions for creating a super-admin-user user in AWS, including setting permissions, enabling MFA, and securely storing credentials in 1Password.

Creating IAM resources (group, user) for super-admin

  • 1. Login to the AWS root account using the root credentials.
  • 2. Create a super-admin-group Group
    • In the IAM Console, select User Groups and click Create Group.
    • Name the group super-admin-group.
    • Under "Attach permissions policies", check "AdministratorAccess".
    • Click Create Group.
  • 3. Create a Security Baseline User
    • In the IAM Console, select Users and click Add Users.
    • Name the user super-admin-group.
    • Leave "Provide user access to the AWS Management Console - optional"; e.g using Programmatic Access for access type.
    • On the Set Permissions page, add the user to the super-admin-group.
    • Complete the creation process.

  • Set Up AWS Credentials for CLI

    After creating the user, generate access keys for the user:

    • Select the Security credentials tab on the super-admin-user details page.

    • Click Create access key to generate credentials.

    • Setup your AWS credentials by editing the ~/.aws/credentials file or Configure the credentials file for the AWS CLI as follows:

      aws configure --profile super-admin

    • Enter the access key ID, secret access key, default region, and output format.