Scribd
Upload
66 views

Difference Between Root User and Iam User in Aws

The root user is the account owner who has full access to all AWS resources in the account. IAM users are created by the root user or an IAM administrator and have restricted access defined by policies. While the root user can perform any task, it is recommended to use an IAM user with administrator permissions for everyday tasks and lock the root user credentials away since they cannot be restricted by policies. IAM allows controlling access to AWS services and resources by creating unique users and defining which resources each user can access.

Uploaded by

maheshpolasani
Copyright
© © All Rights Reserved
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
66 views

Difference Between Root User and Iam User in Aws

The root user is the account owner who has full access to all AWS resources in the account. IAM users are created by the root user or an IAM administrator and have restricted access defined by policies. While the root user can perform any task, it is recommended to use an IAM user with administrator permissions for everyday tasks and lock the root user credentials away since they cannot be restricted by policies. IAM allows controlling access to AWS services and resources by creating unique users and defining which resources each user can access.

Uploaded by

maheshpolasani
Copyright
© © All Rights Reserved
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
You are on page 1/ 1

Difference between Root user and IAM user in AWS ?

There are two different types of users in AWS. You are either the account owner (root user) or you are
an AWS Identity and Access Management (IAM) user. The root user is created when the AWS account is
created. IAM users are created by the root user or an IAM administrator for the account.

*All AWS users have security credentials.

Root user credentials

The credentials of the account owner allow full access to all resources in the account. You can't use IAM
policies to explicitly deny the root user access to resources. You can only use an AWS
Organizations service control policy (SCP) to limit the permissions of the root user of a member account.
Because of this, we recommend that you create an IAM user with administrator permissions to use for
everyday AWS tasks and lock away the access keys for the root user.

There are specific tasks that can be performed only by the root user. For example, only the root user can
close your account. If you need to perform a task that requires the root user, sign in to the AWS
Management Console using the email address and password of the root user. For more information,
see Tasks that require root user credentials.

IAM credentials

With IAM, you can securely control access to AWS services and resources for users in your AWS account.
For example, if you require administrator-level permissions, you can create an IAM user, grant that user
full access to your account, and then use those credentials to interact with AWS. If you need to modify
or revoke your permissions, you can delete or modify the policies that are associated with that IAM
user.

If you have multiple users that require access to your AWS account, create unique credentials for each
user and define who has access to which resources. You don't need to and shouldn't share credentials.
For example, you can create IAM users with read-only access to resources in your AWS account and
distribute the credentials for each IAM user to one of your users.

You might also like