AWS Users Introduction: Root, Admin, CLI, and Terraform

Jan 28, 2026

Managing users in AWS is a critical first step for any cloud project. This guide covers the essential practices for setting up your AWS environment securely.

The Root User vs. IAM Users

The Root User is the identity tied to the email address used to create the AWS account. It has absolute power over the account. Never use the root user for daily tasks.

Creating an Admin User

  1. Log in as Root.
  2. Navigate to IAM (Identity and Access Management).
  3. Create a new user and attach the AdministratorAccess policy.
  4. Enable MFA (Multi-Factor Authentication).

CLI Access and Programmatic Users

For tools like the AWS CLI or Terraform, you need programmatic access.

Creating a Terraform User

  1. Add a new user named terraform-svc.
  2. Select Programmatic access.
  3. Attach policies directly (e.g., AmazonS3FullAccess, AmazonEC2FullAccess).
  4. Download the Access Key ID and Secret Access Key.

Configuring the CLI

Once you have your keys, run:

aws configure

Enter your keys and default region. This writes the keys to the default profile in ~/.aws/credentials; the region is stored in ~/.aws/config.

Infrastructure as Code (Terraform)

Terraform uses these credentials to manage your AWS resources. Always follow the principle of least privilege when assigning policies to your Terraform user.

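# Credentials are read from the default profile written by `aws configure`.
provider "aws" {
  region = "us-east-1"
}

# S3 bucket names are globally unique, so pick a name no other account uses.
resource "aws_s3_bucket" "my_bucket" {
  bucket = "my-unique-terraform-bucket"
}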
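
A scoped alternative to attaching AmazonS3FullAccess to terraform-svc, as an added example (not code from the original post): the policy allows bucket-level management of the one bucket declared above and nothing else. The policy name and the exact action list are assumptions; the actions the AWS provider needs vary with provider version and the bucket features you configure. Apply this file with an administrator profile, not with terraform-svc's own keys.

```hcl
# Added example: least-privilege replacement for AmazonS3FullAccess.
# Assumes the terraform-svc user from the steps above already exists.

locals {
  bucket_name = "my-unique-terraform-bucket" # bucket name from the page's example
}

data "aws_iam_policy_document" "terraform_svc_s3" {
  statement {
    sid    = "ManageSingleBucket"
    effect = "Allow"

    actions = [
      "s3:CreateBucket",
      "s3:DeleteBucket",
      "s3:ListBucket",
      "s3:Get*", # the provider reads many bucket sub-configurations on refresh
      "s3:PutBucketTagging",
    ]

    # Bucket ARN only: no object ARN ("/*") is listed, so object-level
    # actions such as s3:GetObject match nothing, and other buckets
    # in the account are out of scope.
    resources = ["arn:aws:s3:::${local.bucket_name}"]
  }
}

resource "aws_iam_policy" "terraform_svc_s3" {
  name        = "terraform-svc-s3-single-bucket" # hypothetical policy name
  description = "Lets terraform-svc manage one named bucket only"
  policy      = data.aws_iam_policy_document.terraform_svc_s3.json
}

resource "aws_iam_user_policy_attachment" "terraform_svc_s3" {
  user       = "terraform-svc"
  policy_arn = aws_iam_policy.terraform_svc_s3.arn
}
```

If a later `terraform apply` run as terraform-svc fails with AccessDenied, add the single action named in the error to the list instead of widening the resource or falling back to a FullAccess policy.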

Security is a journey, not a destination. Keep your keys safe!