Root access to the AWS Management Console is alway through an email address and password.
In addition, you can add two factor authentication.
The root account always has access to everything in that AWS account, and is therefor extremely dangerous.
Best practice is to not use the root account for anything.
Therefore, set up groups and users for people to log in as.
You want to have at least 2 administrator accounts, in case something breaks on one of the accounts.
Amazon Creating Your First IAM Admin User and Group
Working with Root Access Keys
aws iam list-groups
aws iam create-group --group-name "adminpeople"
aws iam attach-group-policy --group-name "adminpeople" --policy-arn "arn:aws:iam::aws:policy/AdministratorAccess"
where AdministratorAccess is a pre built AWS policy
aws iam list-group-policies --group-name "adminpeople"
is not producing any output ?
aws iam create-user --user-name "Mark"
aws iam add-user-to-group --group-name "adminpeople" --user-name "Mark"
aws iam create-access-key --user-name Mark
which returns your Access keys
ACCESSKEY AKIAIOSFODNN7EXAMPLE 2017-01-05T17:11:46.076Z wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY Active Mark
Save the Access Key and the Secret Access Key in a safe place, since you will not be able to get the Secret Access Key ever again.
Remove the ability for this user to log in to the AWS Management Console
aws iam delete-login-profile --user-name Mark
aws iam get-login-profile --user-name Mark
Use the AWS Management Console for this
Welcome to Identity and Access Management
Activate MFA on your root account
Manage MFA
Select - A hardware MFA device
Verify that the device was set up correctly
aws iam list-mfa-devices
aws iam list-access-keys
ACCESSKEYMETADATA AKIAIOSFODNN7EXAMPLE 2016-01-28T15:58:27Z Active
aws iam delete-access-key --access-key AKIAIOSFODNN7EXAMPLE