The AWS Account Root User is the first identity created with the AWS Account and has the highest level of privileges. The Root User account has unrestricted access to all AWS services and resources and is used for account and service management tasks, to create a new account for administrative, and other tasks.
We recommend you minimize the use of the Root User account by adopting the Principle of Least Privilege for access management. This reduces the risk of accidental changes and unintended disclosure of highly privileged credentials.
Replace usage of the AWS root with IAM users with minimal set of permissions necessary to access and manage just the required AWS resources and services. For example, you can add an MFA enabled user that can perform a limited set of privileged activities. Consider also using the IAM Administrator Managed Policy.
Consider using AirIAM, an open source project that enables creating least privilege IAM manifests that replace existing over-permissive IAM settings.
Updated about 2 years ago