
Backend Deployment - AWS Account Setup with IAM Identity Center (Admin Access)

This guide walks you through creating a new AWS account, enabling IAM Identity Center, and setting up a secure admin user for daily operations — following AWS best practices.


1. Create and Secure Your AWS Account

  1. Go to aws.amazon.com and create a new account.
  2. Use a work or project-specific email, not a personal one (a shared mailbox or distribution list is better than one person's inbox, because root password resets go there).
  3. Choose a strong, unique password and store it in a password manager.
  4. Enable MFA for the root user:
     • Sign in to the AWS Management Console using your new root credentials.
     • Go to Account → Security Credentials → Multi-Factor Authentication (MFA).
     • Add a device (authenticator app recommended).
  5. Never use the root user for everyday tasks. Root is reserved for:
     • Billing and payment setup.
     • Enabling new global services.
     • Rare emergency or account-level operations.

2. Enable IAM Identity Center (Modern Access Management)

What It Is

IAM Identity Center (formerly AWS SSO) is AWS’s modern system for managing human users.
It provides a secure login portal and centralized access management.


Steps

  1. In the AWS Console search bar, type "IAM Identity Center" and open it.
  2. Click Enable IAM Identity Center.

You’ll see two options:

  • Organization instance → Recommended (use this one).
  • Account instance → for isolated, single-account use only.

Choose Organization instance — it allows centralized access and future multi-account management.

  3. Leave AWS Region as US East (N. Virginia) (or your preferred region).
  4. Leave encryption set to Use AWS-owned key.
  5. Confirm and enable IAM Identity Center.

This creates:
  • An organization (if you didn't have one yet).
  • An organization instance of IAM Identity Center tied to your account.


3. Create an Admin User in Identity Center

Once Identity Center is active:

  1. Go to IAM Identity Center → Users → Add user.
  2. Fill in:
     • Username (cannot be changed later).
     • Email address (the invitation is sent here).
     • First name, last name and display name (required by the form).
  3. Choose Send email with password setup instructions.
  4. Skip group assignment for now.
  5. Click Add user.

You’ll receive an email invitation.
Follow the link to:
  • Create your password.
  • Register your MFA device (authenticator app, hardware security key, or built-in authenticator).

✅ Now you have a secure human identity in AWS.


4. Create an Administrator Permission Set

Next, define what this user can do.

Note: if you followed the email link and set a password, you may now be signed in as the new user. That user has no permissions yet, so you will need to temporarily sign back in as the root user to create the permission set.

  1. Go to IAM Identity Center → Permission sets → Create permission set.
  2. Choose Predefined permission set.
  3. Select the AWS managed policy AdministratorAccess.
  4. Optionally change the name (it defaults to AdministratorAccess, which the later steps assume).
  5. Set the session duration (this guide uses 12 hours; a shorter duration limits how long a stolen session stays usable).
  6. Create the permission set.

This defines the level of access (full administrative permissions).


5. Assign the Admin User to Your AWS Account

  1. Go to IAM Identity Center → AWS accounts.
  2. Under the Root organizational unit, select your AWS account (this is your management account).
  3. Click Assign users or groups.
  4. Select the admin user you just created.
  5. Choose the AdministratorAccess permission set.
  6. Submit.

✅ Behind the scenes, Identity Center creates an IAM role in your AWS account (named AWSReservedSSO_AdministratorAccess_ followed by a random suffix) with the AdministratorAccess policy attached. Signing in through the portal assumes that role; no long-lived IAM user or access key is created.


6. Log In as the Admin User

  1. Go to your AWS Access Portal URL (shown on the Identity Center dashboard). It looks like:
     https://d-xxxxxx.awsapps.com/start
  2. Log in using your new Identity Center username and password.
  3. Choose your AWS account tile → AdministratorAccess → Management Console.

You now have full administrative access to your AWS account — without using the root user.
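To confirm from a shell (for example once the AWS CLI is installed and configured as described on the next page) that a session really is the Identity Center admin role and not the root user, the following added example classifies the ARN returned by `aws sts get-caller-identity`. It is not part of the original guide; the account ID and role suffix in the sample ARNs are constructed for illustration.

```shell
#!/bin/sh
# Added example: tell an Identity Center session apart from root or an IAM user
# by inspecting the caller ARN. Sample ARNs below are constructed; the account
# ID 123456789012 and the role suffix are made up.
set -eu

# Classify an STS caller ARN as "root", "sso:<permission set>", "iam-user" or "other".
caller_kind() {
  arn="$1"
  case "$arn" in
    arn:aws:iam::*:root) echo "root" ;;
    arn:aws:sts::*:assumed-role/AWSReservedSSO_*)
      # Identity Center roles are named AWSReservedSSO_<PermissionSet>_<suffix>;
      # strip the prefix, the session name and the suffix to get the permission set.
      role=${arn#*assumed-role/AWSReservedSSO_}
      role=${role%%/*}
      echo "sso:${role%_*}" ;;
    arn:aws:iam::*:user/*) echo "iam-user" ;;
    *) echo "other" ;;
  esac
}

# Succeed only when the session is the Identity Center AdministratorAccess role.
assert_admin_session() {
  kind=$(caller_kind "$1")
  [ "$kind" = "sso:AdministratorAccess" ]
}

# Constructed samples (not real accounts).
ROOT_ARN="arn:aws:iam::123456789012:root"
SSO_ARN="arn:aws:sts::123456789012:assumed-role/AWSReservedSSO_AdministratorAccess_0123456789abcdef/admin"

# Only talk to AWS when asked to; the functions above are pure and run offline.
if [ "${RUN_AWS_CHECK:-0}" = "1" ]; then
  ARN=$(aws sts get-caller-identity --query Arn --output text)
  echo "signed in as: $ARN ($(caller_kind "$ARN"))"
  assert_admin_session "$ARN" || { echo "not on the Identity Center admin role" >&2; exit 1; }
fi
```

Run with `RUN_AWS_CHECK=1 sh check-session.sh` (hypothetical filename) after `aws sso login`; a root session or a plain IAM user makes the script exit non-zero.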


7. Notes & Best Practices

  • The root user still exists but should be used only for billing or emergencies.
  • The admin Identity Center user now handles all day-to-day AWS console work.
  • Identity Center prompts for MFA according to its authentication settings. The default is context-aware (a prompt only when the sign-in context changes, such as a new device or browser); to require MFA on every sign-in, go to Settings → Authentication → Multi-factor authentication and choose "Every time they sign in (always-on)".
  • You can add additional users or groups later and assign them permission sets such as:
     • ReadOnlyAccess
     • PowerUserAccess
     • Custom permission sets for developers or auditors.
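Steps 4 and 5 can also be scripted with the AWS CLI, which is convenient for the additional users and permission sets mentioned above. The following is an added example, not from the original guide: it uses the `sso-admin` and `identitystore` APIs and must run from a session that already holds Identity Center administration rights (the admin user from step 6). The account ID, username and permission set name are placeholders you supply; only the predefined AWS managed policies (AdministratorAccess, ReadOnlyAccess, PowerUserAccess, ...) are covered.

```shell
#!/bin/sh
# Added example: create a predefined permission set and assign an Identity
# Center user to an account with the AWS CLI. ACCOUNT_ID, IDC_USERNAME and
# PS_NAME are placeholders (assumed values); override them in the environment.
set -eu

ACCOUNT_ID="${ACCOUNT_ID:-123456789012}"   # assumed: target AWS account ID
IDC_USERNAME="${IDC_USERNAME:-admin}"       # assumed: Identity Center username
PS_NAME="${PS_NAME:-AdministratorAccess}"   # name of the AWS managed policy to use
SESSION_HOURS="${SESSION_HOURS:-12}"

# Identity Center wants the session duration as an ISO 8601 duration (PT12H).
session_duration() {
  printf 'PT%sH' "$1"
}

# ARN of the AWS managed policy that a predefined permission set attaches.
managed_policy_arn() {
  printf 'arn:aws:iam::aws:policy/%s' "$1"
}

provision() {
  # There is one Identity Center instance per organization; read its ARN and store.
  INSTANCE_ARN=$(aws sso-admin list-instances --query 'Instances[0].InstanceArn' --output text)
  STORE_ID=$(aws sso-admin list-instances --query 'Instances[0].IdentityStoreId' --output text)

  # Resolve the user created in step 3 to its identity store ID.
  USER_ID=$(aws identitystore list-users --identity-store-id "$STORE_ID" \
    --filters "AttributePath=UserName,AttributeValue=$IDC_USERNAME" \
    --query 'Users[0].UserId' --output text)

  # Step 4: create the permission set (fails if one with this name already exists)
  # and attach the managed policy, as the "Predefined permission set" option does.
  PS_ARN=$(aws sso-admin create-permission-set --instance-arn "$INSTANCE_ARN" \
    --name "$PS_NAME" --session-duration "$(session_duration "$SESSION_HOURS")" \
    --query 'PermissionSet.PermissionSetArn' --output text)
  aws sso-admin attach-managed-policy-to-permission-set --instance-arn "$INSTANCE_ARN" \
    --permission-set-arn "$PS_ARN" --managed-policy-arn "$(managed_policy_arn "$PS_NAME")"

  # Step 5: assign the user to the account with that permission set. This is what
  # creates the AWSReservedSSO_<PS_NAME>_<suffix> role inside the target account.
  aws sso-admin create-account-assignment --instance-arn "$INSTANCE_ARN" \
    --target-id "$ACCOUNT_ID" --target-type AWS_ACCOUNT \
    --permission-set-arn "$PS_ARN" --principal-type USER --principal-id "$USER_ID"
  echo "assigned $IDC_USERNAME -> $PS_NAME on account $ACCOUNT_ID"
}

# Only call AWS when explicitly requested; the helper functions run offline.
if [ "${RUN_PROVISION:-0}" = "1" ]; then
  provision
fi
```

Example: `RUN_PROVISION=1 PS_NAME=ReadOnlyAccess IDC_USERNAME=auditor ACCOUNT_ID=123456789012 sh assign.sh` (hypothetical filename) gives the `auditor` user read-only access to that account. Account assignment creation is asynchronous; `aws sso-admin list-account-assignments` shows the result once it has been provisioned.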

Summary

| Step | Action | Purpose |
|------|--------|---------|
| 1 | Create AWS account & enable MFA | Secure root user |
| 2 | Enable IAM Identity Center | Centralized user access |
| 3 | Create admin user | Human login with MFA |
| 4 | Create AdministratorAccess permission set | Define permissions |
| 5 | Assign user to AWS account | Grant permissions |
| 6 | Log in via access portal | Secure day-to-day operations |
