Menu
Amazon Web Services
General Reference (Version 1.0)

Root Account Credentials vs. IAM User Credentials

All AWS accounts have root account credentials (that is, the credentials of the account owner). These credentials allow full access to all resources in the account. Because you can't restrict permissions for root account credentials, we recommend that you delete your root access keys and then create AWS Identity and Access Management (IAM) user credentials for everyday interaction with AWS. For more information, see Lock away your AWS account (root) access keys in the IAM User Guide.

Note

You may need root account access for specific tasks, such as changing a AWS support plan or closing your account. In these cases, sign in to the AWS Management Console with your email and password. See Email and password (account root user).

With IAM, you can securely control access to AWS services and resources for users in your AWS account. For example, if you require administrator-level permissions, you can create an IAM user, grant that user full access, and then use those credentials to interact with AWS. If you need to modify or revoke your permissions, you can delete or modify the policies that are associated with that IAM user.

If you have multiple users that require access to your AWS account, you can create unique credentials for each user and define who has access to which resources. You don't need to share credentials. For example, you can create IAM users with read-only access to resources in your AWS account and distribute those credentials to your users.

Note

Any activity or costs that are associated with the IAM user are billed to the AWS account owner.