In this chapter, you learned how to get started with AWS by creating a free account and establishing a root user for your account. You learned how to secure root access using multi-factor authentication, and then created a number of IAM resources that are required to administer your account. You first created an administrative IAM role called admin, and then created an Administrators group which you assigned the single permission of being permitted to assume your administrative IAM role. This approach of assuming roles is the recommend and best practice method of administering AWS, and supports more complex multi-account topologies where you can host all of your IAM users in one account and assume administrative roles in other accounts.
You then created a Users group and assigned a managed policy that forces a requirement for multi-factor authentication (MFA) for any user belonging to that group. MFA should be considered a mandatory security requirement these days for any organization...