• Contents:

Refresher: Account Root User

• Mentioned in AWS Accounts - the Basics
• Mentioned in AWS IAM 101

Root User Privileges

Ref: https://www.udemy.com/course/aws-certified-cloud-practitioner-new/learn/lecture/24682630

• 💡 Remember that the root user of an account (which can be considered the account owner, and is NOT an IAM identity) should NOT be used for everyday tasks, since it can't be restricted
  • Create an admin user for everyday administrative tasks
  • Secure your root user with MFA and lock away its access keys
• ❗ Root user is still needed for SOME important tasks, exam can test you!
• ‼️ Memorize these privileges:
  • Change account settings (account name, email address, root user password, root user access keys)
  • Close/delete your AWS account
  • Change or cancel your AWS Support Plan
  • Register as a seller in the Reserved Instance Marketplace
    • 💡 If you purchase an instance reservation for 3 years, but end up only needing it for 2 years, you can advertise your unused capacity in this marketplace. You need the root user to register as seller.
• Not necessary to memorize, but for completion:
  • Some billing controls
  • View certain tax invoices
  • Restore IAM user permissions
  • Configure an S3 bucket to enable MFA
  • Edit or delete an Amazon S3 bucket policy that includes an invalid VPC ID or VPC endpoint ID
  • Sign up for GovCloud