Coursera - AWS Cloud Technical Essentials - Creating IAM Groups Best Practice

There are several reasons why it is a best practice to create an IAM user with administrator permissions and use this user to create IAM groups, users, and policies for the rest of the people using the AWS account, rather than using the root user:

Security: The root user is the most privileged user in an AWS account and has access to all resources and services. By creating an IAM user with administrator permissions, you can ensure that the root user is not used for day-to-day management tasks and that access to the root user is limited to a small number of trusted individuals.

Auditing: By using an IAM user with administrator permissions to create IAM groups, users, and policies, you can track who is making changes to your AWS environment and when those changes were made. This can be useful for compliance and security purposes.

Least Privilege: It's a best practice to only provide access to the resources and permissions that are necessary to perform a specific task. By creating an IAM user with administrator permissions, you can ensure that this user only has the permissions required to create IAM groups, users, and policies, rather than having access to all resources and services.

Cost control: By limiting access to the root user, you can also control costs by ensuring that the root user's credentials are not used to create unnecessary resources or incur unexpected charges.

Separation of duties: By creating an IAM user with administrator permissions, you can separate the responsibilities of managing the AWS environment from the responsibilities of managing the root user. This can help to prevent accidental or malicious changes to the AWS environment.

In summary, using an IAM user with administrator permissions for creating IAM groups, users and policies instead of using the root user is a best practice for security, auditing, cost control, least privilege and separation of duties.