What is IAM Root User in AWS?

What is IAM Root User in AWS?
  • When you first create an AWS account, you create an account (or root user) identity, which you use to sign in to AWS.

  • The 'account root user' credentials are the e-mail address used to create the account and a password that can be used to sign in to the AWS Management Console as the Root user.

  • When you sign in as the root user, you have complete, unrestricted access to all resources in your AWS account, including access to your billing information and the ability to change your password.

  • This level of access is necessary when you initially set up the account.

  • It is not possible to restrict the permission that is granted to the AWS account

AWS Recommendations

  • AWS recommends that you don't use root user credentials for everyday access.

  • Also, AWS recommends that you do not share your root user credentials with anyone, because doing so gives them unrestricted access to your account.

  • Create an IAM user for yourself and then assign administrative permission for your account.

  • You can then Sign-in as that user to add more users as needed.

  • An IAM user with administrative permissions is not the same as an AWS account with a root user.

IAM users

  • An IAM user is an entity that you create in AWS. It represents the person or service who uses the IAM user to interact with AWS

  • An IAM user can represent an actual person or an application that requires AWS access to perform the action on AWS Resources.

  • IAM users are global entities. No region is required to be specified when you define user permissions. Users can use AWS services in any Geographic Region.

Did you find this article valuable?

Support DevOps and Cloud Computing by becoming a sponsor. Any amount is appreciated!