The standard practice for creating IAM resources is to create roles that a given user can assume, which grants the user elevated privileges for a limited period of time (typically up to 1 hour). At a minimum, you need to create one IAM role:
- admin: This role grants full administrative control of the account, except for billing information
To create the admin role, select Services | IAM from the AWS console, select Roles from the left-hand menu, and click on the Create role button. In the Select type of trusted entity screen, select the Another AWS account option and configure your account ID in the Account ID field.
After clicking the Next: Permissions button, select the AdministratorAccess policy, which grants the role administrative access.
Finally, specify a role name of admin and then click Create role to complete the creation of the admin role.
This creates the admin IAM role. If you click on the newly created role, take note of the Role ARN (Amazon Resource Name) of the role, as you will need this value later on.
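As an added example (not the book's own code), the trust policy that the Another AWS account choice produces for the admin role, built and then checked with plain Python so you can confirm that no principal outside your own account is allowed to assume the role; the account ID is a constructed placeholder.

```python
import json
import re

# Constructed placeholder, not a real account ID.
ACCOUNT_ID = "123456789012"
ARN_RE = re.compile(r"^arn:aws:iam::(\d{12}):(root|user/.+|role/.+)$")


def build_trust_policy(account_id, require_mfa=False):
    """Return the trust (assume-role) policy for the admin role.

    require_mfa adds the condition behind the console's Require MFA checkbox.
    """
    statement = {
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
        "Action": "sts:AssumeRole",
    }
    if require_mfa:
        statement["Condition"] = {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
    return {"Version": "2012-10-17", "Statement": [statement]}


def foreign_principals(policy, expected_account):
    """Return principals in a trust policy that are not in expected_account.

    Wildcards and cross-account ARNs are reported so a reviewer can see who,
    other than the intended account, could assume the role.
    """
    found = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            found.append("*")
            continue
        aws = principal.get("AWS", [])
        for arn in [aws] if isinstance(aws, str) else aws:
            match = ARN_RE.match(arn)
            if arn == "*" or match is None or match.group(1) != expected_account:
                found.append(arn)
    return found


if __name__ == "__main__":
    policy = build_trust_policy(ACCOUNT_ID, require_mfa=True)
    print(json.dumps(policy, indent=2))
    print("foreign principals:", foreign_principals(policy, ACCOUNT_ID))
```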