Amazon Web Services
General Reference (Version 1.0)

Root Account Credentials vs. IAM User Credentials

All AWS accounts have root account credentials. These credentials allow full access to all resources in the account. Because you can't control the privileges of the root account credentials, you should store them in a safe place and instead use AWS Identity and Access Management (IAM) user credentials for day-to-day interaction with AWS.

With IAM, you can securely control access to AWS services and resources for users in your AWS account. For example, if you require administrator-level permissions, you can create an IAM user, grant that user full access, and then use those credentials to interact with AWS. Later, if you need to revoke or modify your permissions, you can delete or modify any policies that are associated with that IAM user.

Additionally, if you have multiple users that require access to your AWS account, you can create unique credentials for each user and define who has access to which resources. In other words, you don't need to share credentials. For example, you can create IAM users with read-only access to resources in your AWS account and distribute those credentials to users that require read access. For more information about IAM, see IAM User Guide.


Any activity or costs that are associated with the IAM user are billed to the AWS account.