What is AWS Account Root User?
The root user is the identity created with the AWS account that has unrestricted access to every resource and cannot be limited by IAM policies.
Because the root user bypasses IAM permissions and even some guardrails, it should almost never be used for day-to-day work. AWS recommends locking it down: enable MFA, remove any root access keys, and use it only for the few tasks that strictly require it, such as changing the account email or closing the account.
Service control policies in AWS Organizations can restrict what the root user of a member account can do, which is the main way to put guardrails around an otherwise unconstrained identity.
Common mistake
Using the root user for routine administration or leaving root access keys active. Create an IAM admin role for daily work and keep root locked behind MFA.
Related terms
Analyze a real policy free
Shieldly's AI-Powered analyzer explains why an IAM policy is risky and returns the fix in seconds. No signup, no AWS credentials. Also ships as CLI, VS Code extension, GitHub Action, and CDK Guard.
Amazon Web Services (AWS) is a trademark of Amazon.com, Inc. Shieldly is not affiliated with, endorsed by, or sponsored by Amazon Web Services.