ACCT.02 – Restrict use of the root user - AWS Prescriptive Guidance

ACCT.02 – Restrict use of the root user

The root user is created when you sign up for an AWS account. This user has full ownership of the account, with privileges and permissions that cannot be changed or restricted. Use the root user only for the specific tasks that require it. For more information, see Tasks that require root user credentials (AWS Account Management). Perform all other actions in your account by using other types of IAM identities, such as federated users with IAM roles. For more information, see AWS security credentials (IAM documentation).

To restrict use of the root user
  1. Require multi-factor authentication (MFA) for the root user as described in ACCT.05 – Require multi-factor authentication (MFA) to log in.

  2. Create an administrative user so that you don't use the root user for everyday tasks. For more information about configuring user access, see ACCT.03 – Configure console access for each user.
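The two steps above are controls you can verify rather than just configure once. The following Python is an added example, not part of this guidance page or any AWS-provided tooling. It evaluates two inputs you would normally pull from the account: the IAM account summary map (in a live account, `boto3.client("iam").get_account_summary()["SummaryMap"]`, whose `AccountMFAEnabled` and `AccountAccessKeysPresent` keys are real IAM summary keys) and a CloudTrail log file, whose records carry `userIdentity.type == "Root"` for any action taken with root credentials. Both inputs here are constructed samples with made-up account IDs, IP addresses and timestamps, so the script runs offline. It reports whether root MFA is missing or root access keys exist (step 1) and lists every root-user event so you can confirm that everyday work is happening under IAM identities instead (step 2).

```python
"""Verification checks for ACCT.02: root MFA/access-key posture and root activity in CloudTrail.
Added example; inputs below are constructed, not taken from a real account."""
import json

# Constructed sample mirroring the SummaryMap returned by `aws iam get-account-summary`.
# 0/1 values are what IAM returns: 1 = root has an MFA device, 1 = root access keys exist.
SAMPLE_ACCOUNT_SUMMARY = {
    "AccountMFAEnabled": 0,
    "AccountAccessKeysPresent": 1,
    "Users": 3,
}

# Constructed CloudTrail log in the service's JSON shape. Account ID 111122223333 and
# the 203.0.113.0/24 and 198.51.100.0/24 addresses are documentation ranges, not real hosts.
SAMPLE_CLOUDTRAIL_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-10T09:12:44Z", "eventName": "ConsoleLogin",
     "eventSource": "signin.amazonaws.com", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root", "accountId": "111122223333"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-01-10T09:15:02Z", "eventName": "CreateBucket",
     "eventSource": "s3.amazonaws.com", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root", "accountId": "111122223333"}},
    {"eventTime": "2024-01-10T10:01:30Z", "eventName": "ListBuckets",
     "eventSource": "s3.amazonaws.com", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "AssumedRole", "accountId": "111122223333",
                      "arn": "arn:aws:sts::111122223333:assumed-role/Admin/alice"}},
]})


def assess_root_posture(summary):
    """Return a list of findings about the root user derived from the IAM account summary.

    An empty list means root has an MFA device and no access keys.
    """
    findings = []
    if summary.get("AccountMFAEnabled", 0) != 1:
        findings.append("root user has no MFA device (see ACCT.05)")
    if summary.get("AccountAccessKeysPresent", 0) != 0:
        findings.append("root user has access keys; delete them so root cannot be used programmatically")
    return findings


def root_activity(cloudtrail_json):
    """Return one dict per CloudTrail record that was performed with root credentials.

    Console logins additionally report whether MFA was used, taken from the
    additionalEventData.MFAUsed field that CloudTrail sets on ConsoleLogin events.
    """
    records = json.loads(cloudtrail_json).get("Records", [])
    events = []
    for record in records:
        if record.get("userIdentity", {}).get("type") != "Root":
            continue  # IAM users, roles and federated identities are the expected case
        detail = {
            "time": record["eventTime"],
            "event": record["eventName"],
            "source": record.get("eventSource", ""),
            "source_ip": record.get("sourceIPAddress", ""),
        }
        if record["eventName"] == "ConsoleLogin":
            detail["mfa_used"] = record.get("additionalEventData", {}).get("MFAUsed", "unknown")
        events.append(detail)
    return events


def report(summary, cloudtrail_json):
    """Combine both checks into a single structure suitable for alerting or a dashboard."""
    return {
        "posture_findings": assess_root_posture(summary),
        "root_events": root_activity(cloudtrail_json),
    }


if __name__ == "__main__":
    print(json.dumps(report(SAMPLE_ACCOUNT_SUMMARY, SAMPLE_CLOUDTRAIL_LOG), indent=2))
```

Against the constructed inputs the report shows two posture findings (no root MFA, root access keys present) and two root events: a console login without MFA and an S3 `CreateBucket` call, which is exactly the kind of everyday task that should be done by an administrative IAM user instead. In a real deployment you would feed `root_activity` from CloudTrail log objects in S3 or from an EventBridge rule matching `userIdentity.type` of `Root`, and run `assess_root_posture` on a schedule.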