You have to use IAM, but if you're feeling particularly rebellious then you can setup one Admin account and one API account with liberal permissions and never touch IAM again. For obvious reasons it wouldn't be recommended...
I know that you said "For obvious reasons it wouldn't be recommended..." but for anyone else reading please do not do this under any circumstances. If any of your applications get compromised the attacker will have full control of your entire AWS account.
