See Doc
Create IAM users for different permissions, limited access to a specific resource, such as read only S3 bucket.
Access tokens are generated, and can be used in applications. Access tokens can also be used with AWS CLI
Read CLI Notes
Centralized Root Credentials Management
aws organizations enable-aws-service-access --service-principal iam.amazonaws.com
aws iam disable-organizations-root-credentials-management