Changing the password for the root user - AWS Account Management

Changing the password for the root user

To change the root user's password, you must sign in as the AWS account root user and not as an IAM user. To learn how to reset a forgotten root user password, see Resetting lost or forgotten passwords or access keys for AWS in the IAM User Guide.

To protect your password, it's important to follow these best practices:

  • Change your password periodically.

  • Keep your password private because anyone who knows your password can access your account.

  • Use a different password on AWS than you use on other sites.

  • Avoid passwords that are easy to guess. These include passwords such as secret, password, amazon, or 123456. Also avoid things like dictionary words, your name, email address, or other personal information that someone can easily obtain.

AWS Management Console

To change the password for the root user

Minimum permissions

To perform the following steps, you must have at least the following IAM permissions:

  • You must sign in as the AWS account root user, which requires no additional AWS Identity and Access Management (IAM) permissions. You can't perform these steps as an IAM user or role.

  1. Use your AWS account's email address and password to sign in to the AWS Management Console as your AWS account root user.

  2. In the upper right corner of the console, choose your account name or number and then choose My Account.

  3. On the right side of the page, in the Account Settings section, choose Edit.

  4. On the Password line, choose Edit to change your password.

  5. Choose a strong password. Although you can set an account password policy for IAM users, that policy doesn't apply to the root user.

    AWS requires that your password meet the following conditions:

    • It must have a minimum of 8 characters and a maximum of 128 characters.

    • It must include at least three of the following character types: uppercase letters, lowercase letters, numbers, and the symbols ! @ # $ % ^ & * () <> [] {} | _+-=.

    • It must not be identical to your AWS account name or email address.

    Note

    AWS is rolling out improvements to the sign-in process. One of those improvements is to enforce a more secure password policy for your account. If AWS has upgraded your account, you are required to meet the password policy described earlier. If AWS hasn't yet upgraded your account, then AWS doesn't yet enforce this policy. However, we strongly recommend that you follow its guidelines for a more secure password.
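The password conditions above can be checked locally before you type a new root password into the console. The following Python sketch is an added example, not AWS code: it validates a candidate against the three conditions and generates a compliant random password. The function names are hypothetical, and it assumes ASCII letter classes, a case-insensitive comparison against the account name and email address (stricter than "identical"), and a deny list holding only the four easy-to-guess examples named on this page.

```python
import secrets
import string

# Symbol set copied from the policy text on this page.
SYMBOLS = "!@#$%^&*()<>[]{}|_+-="
# Easy-to-guess examples the page names; a real deny list would be far larger.
WEAK_EXAMPLES = {"secret", "password", "amazon", "123456"}


def policy_violations(password, account_name="", email=""):
    """Return a list of policy conditions the password fails (empty = OK)."""
    problems = []
    if not 8 <= len(password) <= 128:
        problems.append("length must be 8-128 characters")
    classes = [
        any(c in string.ascii_uppercase for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in string.digits for c in password),
        any(c in SYMBOLS for c in password),
    ]
    if sum(classes) < 3:
        problems.append("needs at least three character types")
    # Assumption: compare case-insensitively, stricter than "identical".
    identities = {v.lower() for v in (account_name, email) if v}
    if password.lower() in identities:
        problems.append("must not equal the account name or email address")
    if password.lower() in WEAK_EXAMPLES:
        problems.append("matches an easy-to-guess example")
    return problems


def generate_password(length=32, account_name="", email=""):
    """Draw random passwords from a CSPRNG until one satisfies the policy."""
    if not 8 <= length <= 128:
        raise ValueError("length must be 8-128 characters")
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_violations(candidate, account_name, email):
            return candidate


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for sample in ("amazon", "Summer2024", "ops@example.com"):
        print(sample, policy_violations(sample, email="ops@example.com"))
    print(len(generate_password(email="ops@example.com")))
```

Passing the policy is a floor, not a measure of strength: `Summer2024` satisfies every condition yet is easy to guess, which is why the generator draws from `secrets` rather than accepting a human-chosen value.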

AWS CLI & SDKs

This task isn't supported in the AWS CLI or by an API operation from one of the AWS SDKs. You can perform this task only by using the AWS Management Console.