Using the AWS account root user - AWS Account Management

Using the AWS account root user


Anyone who has root user credentials for your AWS account has unrestricted access to all the resources in your account, including billing information.

When you create an AWS account, you begin with one sign-in identity that has complete access to all AWS services and resources in the account. This identity is called the AWS account root user and is accessed by signing in with the email address and password that you used to create the account. We strongly recommend that you don't use the root user for your everyday tasks. Safeguard your root user credentials and use them to perform the tasks that only the root user can perform. For the complete list of tasks that require you to sign in as the root user, see Tasks that require root user credentials in the IAM User Guide.

To avoid using the root user for everyday tasks, learn how to set up an administrative user in AWS IAM Identity Center. For additional root user security recommendations, see Root user best practices for your AWS account.

You can change, or reset the root user password, and create, or delete access keys (access key IDs and secret access keys) for your root user. For help signing in using your root user, see Sign in to the AWS Management Console as the root user in the AWS Sign-In User Guide.