Tasks that require root user credentials

We recommend that you configure an administrative user in AWS IAM Identity Center (successor to AWS Single Sign-On) to perform daily tasks and access AWS resources. However, you can perform the tasks listed below only when you sign in as the root user of an account.

Change your account settings. This includes the account name, email address, root user password, and root user access keys. Other account settings, such as contact information, payment currency preference, and AWS Regions, don't require root user credentials.
Restore IAM user permissions. If the only IAM administrator accidentally revokes their own permissions, you can sign in as the root user to edit policies and restore those permissions.
Activate IAM access to the Billing and Cost Management console.
View certain tax invoices. An IAM user with the aws-portal:ViewBilling permission can view and download VAT invoices from AWS Europe, but not AWS Inc. or Amazon Internet Services Private Limited (AISPL).
Close your AWS account.

For more information, see the following topics:
Register as a seller in the Reserved Instance Marketplace.
Configure an Amazon S3 bucket to enable MFA (multi-factor authentication).
Edit or delete an Amazon Simple Queue Service (Amazon SQS) resource policy that denies all principals.
Edit or delete an Amazon Simple Storage Service (Amazon S3) bucket policy that denies all principals.
Sign up for AWS GovCloud (US).
Request AWS GovCloud (US) account root user access keys from AWS Support.
In the event that an AWS Key Management Service key becomes unmanageable, you can recover it by contacting AWS Support as the root user.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Deleting access keys for the root user

Troubleshooting root user issues