The administrator in the AWS console has full access to all AWS services and resources in the account. This means that he or she can create, modify and delete resources; manage permissions for other users; and view details about all the AWS services that are running in the account.
Administrators can perform a variety of tasks, including creating and managing users, groups, and roles in the IAM service; creating security groups; setting up and managing AWS services such as EC2 and S3; setting up load balancers and auto-scaling groups; and viewing billing information.
It’s also a best practice to rotate administrators, so that no one person becomes a single point of failure and to avoid any kind of malpractice.
To add a new user as an admin to the AWS console, follow these steps:
- Go to the IAM dashboard.
- Select the Users menu from the left-hand side menu.
- Click the Add User button present on the right-hand side.
- On the Add User page, set the following things:
  - Add the desired username.
  - Check the Access key – Programmatic access checkbox.
  - Check the Password – AWS Management Console access checkbox.
  - Set a Custom password.
- Click the Next: Permissions button.
- In the Set permissions section, click the Attach existing policies directly tab.
- Check the AdministratorAccess policy.
- Click Create User to add the new user as an admin to the AWS console and proceed to the final step.
- When you have finished filling out this form, your new administrator account credentials will be displayed on the next page. Make sure to download the CSV file and keep it safe, because you won’t be able to access it again. Copy the Access Key and Secret Access Key for future usage.
After you create a user, the new administrator can log in to the AWS Management Console using their own username and password.
To keep your account secure, it’s important that your administrators, who have access to all resources, perform only the tasks that are necessary for their role.
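A user created with the steps above holds a console password, an access key, and AdministratorAccess at the same time, so it is worth reviewing such users regularly. The following is an added example, not part of the original article: it audits admin users against an IAM credential report. The sample report, the user names, the `ADMIN_USERS` set, and the 90-day key-age threshold are all assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the column layout of an IAM credential report
# (only the columns used here); user names and dates are made up.
SAMPLE_REPORT = """user,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated
alice-admin,true,false,true,2023-01-10T09:00:00+00:00
bob-admin,true,true,false,N/A
carol-dev,true,false,true,2024-05-01T12:00:00+00:00
"""

# Assumption: users with AdministratorAccess attached, collected separately
# (the credential report does not list attached policies).
ADMIN_USERS = {"alice-admin", "bob-admin"}
MAX_KEY_AGE_DAYS = 90  # assumed rotation threshold, not an AWS default


def audit_admins(report_csv, admin_users, now):
    """Return {user: [findings]} for admin users in the credential report."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if user not in admin_users:
            continue
        issues = []
        # Console password without MFA: one stolen password gives full access.
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            issues.append("console password without MFA")
        # Long-lived access key on an admin user, as created in the steps above.
        if row["access_key_1_active"] == "true":
            issues.append("active access key on admin user")
            rotated = datetime.fromisoformat(row["access_key_1_last_rotated"])
            age = (now - rotated).days
            if age > MAX_KEY_AGE_DAYS:
                issues.append(f"access key is {age} days old")
        findings[user] = issues
    return findings


if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed date for the sample
    for user, issues in audit_admins(SAMPLE_REPORT, ADMIN_USERS, now).items():
        print(user, "->", issues or ["ok"])
```

A real report can be produced with `aws iam generate-credential-report` followed by `aws iam get-credential-report`; its content is returned base64-encoded and must be decoded before being passed in.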