Using the AWS account root user - AWS Account Management

Using the AWS account root user

When you first create an Amazon Web Services (AWS) account, you begin with a single sign-in identity that has complete access to all AWS services and resources in the account. This identity is the AWS account root user. You can sign in as the root user using the email address and password that you used to create the account.


We strongly recommend that you don't use the root user for your everyday tasks, including the administrative tasks. Instead, follow the best practice of using the root user only to create your first IAM user. Then securely lock away the root user credentials and use them to perform only those few account and service management tasks that require you to sign in as the root user. For the list of those tasks, see Tasks that require root user credentials. For a tutorial on how to set up an administrator for daily use, see ***LINK***.

You can change the root user password, and create, rotate, deactivate, or delete access keys (access key IDs and secret access keys) for your root user. Anyone who has root user credentials for your AWS account has unrestricted access to all the resources in your account, including billing information.

You can change the email address and password on the Security Credentials page. You can also choose Forgot password? on the AWS sign-in page to reset your password.