Root User
💡 Definition
The Root User is the single identity that has complete access to all AWS services and resources in the account. It is created when you first create your AWS account.
🔑 Key Concepts
- Unlimited Access: Can do anything (close the account, change billing, delete everything).
- Email Address: You sign in using the email address and password used to create the account.
- Cannot be restricted: IAM policies cannot deny permissions to the root user.
⚙️ How it Works
It is the "superuser" of the account. Because it is so powerful, it should be secured heavily and rarely used.
🎯 Use Cases
- First Setup: Creating the first IAM User (Admin).
- Account Management: Changing the support plan, closing the account, restoring IAM user permissions.
- Specific Tasks: Some rare tasks (like configuring CloudFront private keys) require root.
💰 Pricing Model
- N/A (Account identity).
📝 Exam Tips (CLF-C02)
- Best Practice #1: Protect the Root User.
- Enable MFA.
- Delete any Access Keys.
- Use a strong, unique password.
- Best Practice #2: Do not use for daily tasks. Create an Admin IAM User instead.