A Step-by-Step Guide to Creating a Sub-User Account in AWS

Are you looking to delegate specific tasks or manage access to AWS resources more securely within your organization? Creating sub-user accounts from your root AWS account can provide the solution you need. Follow this comprehensive guide to learn how to create sub-user accounts step by step.

Step 1: Sign In to Your AWS Management Console

1. Access the AWS Management Console: Open your web browser and navigate to the AWS Management Console at aws.amazon.com.
2. Sign In to Your Root AWS Account: Enter your root account email address and password to log in.

AWS Management Console Page

Step 2: Navigate to the IAM Dashboard

1. Open the IAM Console: In the AWS Management Console, search for “IAM” (Identity and Access Management) in the search bar or find it under the “Security, Identity, & Compliance” section.

Creating a new sub-user account

Step 3: Create a New IAM User

1. Select “Users” from the IAM Dashboard: In the IAM console, locate and click on “Users” from the left-hand navigation pane.
2. Click on “Add user”: On the Users page, click on the “Add user” button to start creating a new IAM user.
3. Enter User Details: Provide a username for the new user and choose the access type:

Enter the details of the new user

(if you want to give user access to management console, then check on the box of “Provide user access to the AWS Management Console — optional”)

Click on “I want to create a new user” generate a new and strong password for the new user, and then click on “Next”.

Creating passwords for new user

• Access type: Select either “Programmatic access” (for API access) or “AWS Management Console access” (for console access).
• Console password: If you selected “AWS Management Console access,” set a custom password or let AWS auto-generate one.

4. Set Permissions: Assign the necessary permissions to the user:

• Attach existing policies directly: Choose from existing policies that define permissions or create custom policies.

Attaching the policies to the user

• Add user to group: Optionally, add the user to an existing group with predefined permissions.

5. Review and Create User: Review the user details, permissions, and settings. Click “Create user” to proceed.

Step 4: Access Key and Secret Access Key (For Programmatic Access)

1. Note Down Access Key: If you selected “Programmatic access” in Step 3, an access key ID and secret access key will be generated. Note down these credentials securely as they’re needed for API access.

Download the Access key CSV

Step 5: Inform the Sub-User

1. Provide User Access Details: Share the username, password (if applicable), and access key credentials (if applicable) with the sub-user.

Step 6: Optional: Configure Multi-Factor Authentication (MFA)

1. Enable MFA: For added security, consider enabling multi-factor authentication for the sub-user account. This requires the use of a hardware or virtual MFA device to generate authentication codes.

Step 7: Testing Access

1. Log Out of Root Account: For testing purposes, log out of your root AWS account.
2. Log In as Sub-User: Use the credentials provided to log in as the sub-user and verify access to the AWS Management Console or API, depending on the access type granted.

By following these steps, you’ve successfully created a sub-user account in AWS, allowing you to delegate responsibilities and manage access to AWS resources more effectively within your organization.