Create the user using the console or a CLI or API command.
If the user will be making API calls or using the command line interface (CLI), create an access key (an access key ID and a secret access key) for that user:
Important: This is the only opportunity to view or download the keys, and this information must be provided to your users before they can begin using an AWS API. Save the user’s new access key ID and secret access key in a safe and secure place. You will not have access to the secret access keys again after this step.
Save the user’s new access key ID and secret access key in a safe and secure place. You will not have access to the secret access keys again after this step.
If the Access Key and Secret key were not downloaded and saved during the user’s creation, you will need to create new access keys for the users later in “Manage Access Keys”:
Amazon AWS creating user best practices are described here:
Amazon AWS Creating User best practices.