Signing in as the AWS account root user - AWS Account Management

Signing in as the AWS account root user

We recommend that you sign in to your AWS account as the root user only when required to perform tasks that can be performed only by the root user.

AWS Management Console

To sign in as the root user, navigate to the console sign-in page.

If you see text boxes asking for Account ID, IAM user name, and Password, then you previously signed in to the console with IAM user credentials. Your browser might remember this preference and open this account-specific sign-in page every time that you try to sign in. You can't use this version of the sign-in page to sign in as the root user. If you see the IAM user version of the sign-in page, choose Sign in using root user email at the bottom of the page to return to the main sign-in page. From there, you can choose to sign in as the root user using your AWS account email address and password.

If multi-factor authentication (MFA) is activated for your account's root user, then you are next prompted to enter the one-time password from your device.

AWS CLI & SDKs

To use the AWS CLI or run API operations from an SDK as the account's root user, you must first have credentials in the form of an access key pair. You can then use those in your AWS CLI or SDK profile (such as Python and Boto3) to authenticate your requests.

Warning

We strongly recommend, that as a best practice, that you do not create access key pairs for your root user. Only a few tasks require the root user, and you typically perform those tasks infrequently enough that we recommend signing into the AWS Management Console and performing the tasks there.

To create access keys for the root user, see Creating and deleting access keys for the AWS account root user.