Summary

As a best practice, do not use the AWS account root user for any task where it’s not required. Instead, create a new IAM user for each person that requires administrator access. Then make those users administrators by placing the users into an “Administrators” group to which you attach the AdministratorAccess managed policy.

Prerequisite

AWS CLI

Create

Create Admins group:

aws iam create-group --group-name Admins

Verify:

aws iam list-groups

Attach full administrator policy:

aws iam attach-group-policy --group-name Admins --policy-arn arn:aws-cn:iam::aws:policy/AdministratorAccess

Verify:

aws iam list-attached-group-policies --group-name Admins

Create IAM user:

aws iam create-user --user-name MyUser

Add IAM user to Admin group:

aws iam add-user-to-group --user-name MyUser --group-name Admins

Verify:

aws iam get-group --group-name Admins

Set password:

aws iam create-login-profile --user-name MyUser --password ChangeMe#1234 --password-reset-required

Source: https://docs.amazonaws.cn/en_us/IAM/latest/UserGuide/getting-started_create-admin-group.html

Source: https://docs.aws.amazon.com/cli/latest/userguide/cli-services-iam-set-pw.html