Using the AWS account root user

Important

Anyone who has root user credentials for your AWS account has unrestricted access to all the resources in your account, including billing information.

When you create an AWS account, you begin with one sign-in identity that has complete access to all AWS services and resources in the account. This identity is called the AWS account root user and is accessed by signing in with the email address and password that you used to create the account. We strongly recommend that you don't use the root user for your everyday tasks. Safeguard your root user credentials and use them to perform the tasks that only the root user can perform. For the complete list of tasks that require you to sign in as the root user, see Tasks that require root user credentials in the AWS Account Management Reference Guide.

To avoid using the root user for everyday tasks, learn how to set up an administrator in AWS IAM Identity Center (successor to AWS Single Sign-On).

You can change the root user password, and create, rotate, deactivate, or delete access keys (access key IDs and secret access keys) for your root user.

You can change the email address and password on the Security Credentials page. You can also choose Forgot password? on the AWS sign-in page to reset your password.

Topics in this section

• Signing in as the AWS account root user
• Activate MFA on the AWS account root user
• Changing the password for the root user
• Creating and deleting access keys for the AWS account root user
• Comparing AWS account root user credentials and IAM user credentials
• Tasks that require root user credentials