What is the difference between account name and user name in AWS?

Question

I have created a new AWS account. During the creation process I had to provide an email id, password and account name.

To login I use my email id and password.

1. What exactly is the purpose of AWS account name? Is it like a company name? So a container where I am the administrator?

2. If I want to add users then do I have to create users in IAM or do I have to ask them to create an account first with AWS?

Answer 1

In AWS the account is tied to an email address, this is one of the unique identifiers for your account (you cannot have multiple accounts tied to one email address).

When your account is created it will have an account ID, you can create an alias (that must be unique) that will map to this account ID and can be used during authentication.

The email address is used to login to the root user in AWS, this user should not be used to interact with AWS services and should be locked down with MFA and a good password. By default it is the only way to see and configure billing information.

A user who should be tied to this account should have an IAM user created for them with an appropriate policy that will allow them to do their job role. They should not be registering for AWS as this will create an AWS account for them vs joining your account.

When they login they should enter either an account ID or the alias, along with their IAM console credentials (not the same as access key/secret key).