Roles may not be assumed by root accounts

How do I use the thufir profile I created, and not use the AWS root account? I'm on page 12 of the _AWS Command Line Interface User Guide_: thufir@doge:~$ thufir@doge:~$ cat .aws/config [default] output = text region = us-west-2 [profile thufir] role_arn = arn:aws:iam::1234567890:user/thufir source_profile = default thufir@doge:~$ thufir@doge:~$ aws iam list-users USERS arn:aws:iam::1234567890:user/thufir 2017-01-02T10:09:01Z / ABCDEFGIJKL thufir thufir@doge:~$ thufir@doge:~$ aws s3 ls --profile thufir An error occurred (AccessDenied) when calling the AssumeRole operation: Roles may not be assumed by root accounts. thufir@doge:~$ thufir@doge:~$ export AWS_DEFAULT_PROFILE=thufir thufir@doge:~$ thufir@doge:~$ aws s3 ls --profile thufir An error occurred (AccessDenied) when calling the AssumeRole operation: Roles may not be assumed by root accounts. thufir@doge:~$ [Page 12 of the _AWS Command Line Interface User Guide_](http://docs.aws.amazon.com/cli/latest/userguide/cli-roles.html#cli-role-prepare) says:

After creating the role, modify the trust relationship to allow the IAM user to assume it. The following example shows a trust relationship that allows a role to be assumed by an IAM user named jonsmith :

{
  "Version": "2012-10-17",
  "Statement": [
  {
    "Sid": "",
    "Effect": "Allow",
    "Principal": {
      "AWS": "arn:aws:iam::123456789012:user/jonsmith"
    },
  "Action": "sts:AssumeRole"
}

Is that done locally in a config file physically on my machine, or through a website, or...? *I think this may relate to roles rather than a **profile** as I have configured.*