ACCT.02 Restrict use of the root user - AWS Prescriptive Guidance

ACCT.02 Restrict use of the root user

The AWS account root user is created when you sign up for an AWS account. It has full ownership privileges and permissions over the account, and those permissions cannot be restricted. Use the root user exclusively for tasks that require root user credentials. For more information, see Tasks that require root user credentials in the IAM documentation. Perform all other actions in your account by using other types of IAM identities, such as federated users with IAM roles. For more information, see AWS security credentials in the IAM documentation.

To restrict use of the root user

  1. Require multi-factor authentication (MFA) for the root user. For more information, see ACCT.05 Require multi-factor authentication (MFA) to log in.

  2. Create an administrative user so that you don't use the root user for everyday tasks. For more information about configuring user access, see ACCT.03 Configure console access for each user.
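The two steps above can be verified after the fact. The following script is an added example, not part of this guidance page or of any AWS tooling: it reads the JSON document returned by `aws iam get-account-summary` (the `AccountMFAEnabled` and `AccountAccessKeysPresent` keys of its `SummaryMap` are real) to confirm that root MFA is on and that no root access keys exist, and it scans CloudTrail records for any activity performed with `userIdentity.type` of `Root`, which is the signal that someone used the root user for an everyday task instead of an administrative identity. Both input documents below are constructed samples with deliberately failing values; the account ID and IP addresses are placeholders.

```python
"""Check root-user posture from an IAM account summary and flag root activity in CloudTrail.

Added example: feed it the output of `aws iam get-account-summary` and a CloudTrail
log file; the embedded documents are constructed samples, not real account data.
"""
import json

# Constructed sample in the shape of `aws iam get-account-summary` output.
# MFA is off and a root access key exists, so both checks should fail.
ACCOUNT_SUMMARY_JSON = """
{
  "SummaryMap": {
    "AccountMFAEnabled": 0,
    "AccountAccessKeysPresent": 1,
    "Users": 3,
    "MFADevices": 2
  }
}
"""

# Constructed sample CloudTrail records (placeholder account ID and documentation IPs).
CLOUDTRAIL_EVENTS_JSON = """
{"Records": [
  {"eventTime": "2024-01-10T08:00:00Z", "eventName": "ConsoleLogin",
   "eventSource": "signin.amazonaws.com", "sourceIPAddress": "203.0.113.5",
   "userIdentity": {"type": "Root", "accountId": "111111111111",
                    "arn": "arn:aws:iam::111111111111:root"}},
  {"eventTime": "2024-01-10T09:15:00Z", "eventName": "CreateBucket",
   "eventSource": "s3.amazonaws.com", "sourceIPAddress": "203.0.113.6",
   "userIdentity": {"type": "AssumedRole", "accountId": "111111111111",
                    "arn": "arn:aws:sts::111111111111:assumed-role/Admin/alice"}},
  {"eventTime": "2024-01-11T22:41:00Z", "eventName": "PutBucketPolicy",
   "eventSource": "s3.amazonaws.com", "sourceIPAddress": "198.51.100.9",
   "userIdentity": {"type": "Root", "accountId": "111111111111",
                    "arn": "arn:aws:iam::111111111111:root"}}
]}
"""


def check_root_hardening(summary_json: str) -> list:
    """Return a list of findings; an empty list means root MFA is on and no root keys exist."""
    summary = json.loads(summary_json)["SummaryMap"]
    findings = []
    # AccountMFAEnabled is 1 only when the root user has an MFA device (ACCT.02 step 1 / ACCT.05).
    if summary.get("AccountMFAEnabled", 0) != 1:
        findings.append("root user has no MFA device")
    # AccountAccessKeysPresent counts root access keys; root should have none,
    # since programmatic work belongs to IAM roles and users (ACCT.02 step 2).
    if summary.get("AccountAccessKeysPresent", 0) != 0:
        findings.append("root user has access keys; delete them")
    return findings


def root_activity(events_json: str) -> list:
    """Return (eventTime, eventName, sourceIPAddress) for every record performed by the root user."""
    records = json.loads(events_json)["Records"]
    return [
        (r["eventTime"], r["eventName"], r["sourceIPAddress"])
        for r in records
        if r.get("userIdentity", {}).get("type") == "Root"
    ]


if __name__ == "__main__":
    for finding in check_root_hardening(ACCOUNT_SUMMARY_JSON):
        print("FINDING:", finding)
    for when, name, ip in root_activity(CLOUDTRAIL_EVENTS_JSON):
        print(f"ROOT ACTIVITY: {when} {name} from {ip}")
```

Run the posture check periodically and the activity scan over every CloudTrail delivery: any root event other than the tasks that require root credentials is a sign that step 2 has not taken hold and the administrative user is not being used for everyday work.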