AWS Create IAM User

When you set up a new AWS account, you start out with only a root user. Using the root user for everyday work is a security risk, so you should rarely sign in with it. It is better to create at least one IAM user that you use for day-to-day administrative activities. In this post we will go over how to create an administrator IAM user. We will also set up CodeCommit credentials for this new IAM user.

This post assumes that you only have a root user for your AWS account.

This is a post in the "Blog on a Budget" series.



Create an IAM User

  1. Go to the AWS root login page. It should look something like this:

Root User Sign In

  2. Sign in as the root user of the account where you want to set up the new IAM user.

  3. Once logged in, you will see the AWS Console homepage:

Console Homepage

  4. Search for IAM in the top search bar and then select IAM from the resulting dropdown:

Select IAM

  5. You are now at the IAM dashboard:

IAM Add Dashboard

  6. Select Users from the left-hand menu.

  7. Then select the blue Add users button on the right:

IAM Add User

  8. You will be presented with a form where you can fill in the new IAM user name:

IAM User Details

  9. Fill in a name for the user in the User name field.

  10. Then select the checkbox next to "Provide user access to the AWS Management Console":

More IAM User Details

  11. Because we want to eventually create CodeCommit credentials, we want to select the "I want to create an IAM user" radio button.

  12. In my case, I already had a complex password ready, so I chose the Custom password option.

  13. When you have things ready, select the orange Next button.

  14. This will bring us to a page where we can set permissions for this user:

IAM User Permissions

  15. In this case, we want this to be our non-root administrative user, so we are going to grant it the AdministratorAccess permissions by selecting the checkbox next to the policy.

  16. Then we are going to search for billing permissions.

  17. Once we find the Billing policy, we will select the checkbox for that one as well:

IAM Set Billing

  18. Once both policies are selected, we will select the orange Next button.

  19. This will bring us to the Review and create page for final review:

IAM Review Create

  20. If everything looks good, then select the orange Create user button.

  21. You will then be presented with the option to retrieve this user's password one last time:

IAM Get Password

  22. If you are sure you already have the password for this new user stored someplace safe, then go ahead and select the orange Return to users list button.

  23. This should bring you back to a page where you can see your new user listed:

IAM User Created

Now you have a new IAM administrative user ready. However, since this user has so much power within your account, it is good practice to set up Multi-Factor Authentication (MFA) for it. Setting up MFA is covered in the next section.


Enable MFA for IAM User

  1. If we click on our new user name from the user list, we will be presented with a page that shows a lot of details about this user:

IAM MFA Not Enabled

  2. Note that there is a sentence with red text that reads, "Enabled without MFA".

  3. If we click on that red text, an option will appear which will let us set up MFA:

IAM Enable MFA

  4. Select the Enable MFA button.

  5. This will bring up a page that will allow you to select an MFA device:

IAM Select MFA Device

  6. In this case, we are going to set up MFA using an Authenticator app. There is more detail about some Authenticator app options in the post about setting up MFA for the root user.

  7. Fill in the device name for this MFA configuration.

  8. Select the orange Next button.

  9. This will bring up a page where you can scan in the QR code and enter two consecutive MFA codes:

IAM QR Code

  10. Once you have scanned the QR code and filled in two consecutive MFA codes, select the orange Add MFA button.

  11. The user detail page will then be displayed with a green banner letting you know that the MFA was successfully configured:

IAM MFA Assigned

  12. You will notice that where there used to be red text, there is now regular text that states, "Enabled with MFA".

At this point you have created a new IAM administrative user and enabled MFA for that user.
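A check for the state this section ends in, as an added example that is not part of the original post: the script reads an IAM credential report (CSV) and lists identities that can sign in to the console without MFA, plus root-user sign-ins to review. The sample rows, user names and account ID are constructed, and only a subset of the report's columns is shown.

```python
import csv
import io

# Constructed sample in the IAM credential report CSV layout (subset of the
# report's columns); user names and the account ID are made up.
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,2024-05-01T10:00:00+00:00,true,false,false
blog-admin,arn:aws:iam::111122223333:user/blog-admin,true,2024-05-02T09:30:00+00:00,true,false,false
new-admin,arn:aws:iam::111122223333:user/new-admin,true,no_information,false,false,false
ci-user,arn:aws:iam::111122223333:user/ci-user,false,N/A,false,true,false
"""


def audit_credential_report(report_csv):
    """Return (user, finding) tuples for risky console identities."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        mfa_active = row["mfa_active"] == "true"
        # The root user always has a password; the report shows
        # "not_supported" in password_enabled for that row.
        has_console_password = is_root or row["password_enabled"] == "true"

        if has_console_password and not mfa_active:
            findings.append((user, "console sign-in without MFA"))

        if is_root:
            keys = (row["access_key_1_active"], row["access_key_2_active"])
            if "true" in keys:
                findings.append((user, "root user has an active access key"))
            # Root should not be used day to day, so surface its last sign-in.
            last_used = row["password_last_used"]
            if last_used not in ("no_information", "N/A"):
                findings.append((user, "root console sign-in on " + last_used))
    return findings


if __name__ == "__main__":
    for user, finding in audit_credential_report(SAMPLE_REPORT):
        print(f"{user}: {finding}")
```

The report can be downloaded from the Credential report page in the IAM console and passed to `audit_credential_report` as text.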

Next we are going to create some CodeCommit credentials.


Set up CodeCommit Credentials

  1. On the IAM user detail page for the current user, select the Security credentials tab and scroll down until you see the section with the heading, "HTTPS Git credentials for AWS CodeCommit":

IAM HTTPS CodeCommit Credentials

  2. Select one of the Generate Credentials buttons for this section.

  3. A window will then pop up with the details of the credentials that were just generated:

IAM CodeCommit Credentials Ready

  4. Copy the credentials to a safe place because you will need them to interact with CodeCommit from this account (and this will be the only time you can view them).

You have now created HTTPS credentials that will allow you to interact with CodeCommit.


NOTE: Normally I would advocate for setting up a separate IAM user for your CodeCommit credentials and not an administrative IAM account. But for the purpose of this post, it was just easier to show this all at once with the creation of the administrative user.


Conclusion

In this post the following was done:

  1. Set up a new administrative IAM user.
  2. Added MFA to the new administrative IAM user.
  3. Learned how to set up CodeCommit credentials for an IAM user.

The new administrative IAM user should be used when you need to do administrative activities with your account (instead of the root user).