Tasks that require root user credentials
We recommend that you configure an administrative user in Amazon IAM Identity Center to perform daily tasks and access Amazon resources. However, you can perform the tasks listed below only when you sign in as the root user of an account.
Tasks
-
Change your account settings. This includes the account name, email address, root user password, and root user access keys. Other account settings, such as contact information, payment currency preference, and Amazon Web Services Regions, don't require root user credentials.
-
Restore IAM user permissions. If the only IAM administrator accidentally revokes their own permissions, you can sign in as the root user to edit policies and restore those permissions.
-
Activate IAM access to the Billing and Cost Management console.
-
View certain tax invoices. An IAM user with the aws-portal:ViewBilling permission can view and download VAT invoices from Amazon Europe, but not Amazon Inc. or Amazon Internet Services Private Limited (AISPL).
-
Close your Amazon Web Services account.
For more information, see the following topics:
-
Register as a seller in the Reserved Instance Marketplace.
-
Configure an Amazon S3 bucket to enable MFA (multi-factor authentication).
-
Edit or delete an Amazon Simple Storage Service (Amazon S3) bucket policy that denies all principals
. -
Request Amazon GovCloud (US) account root user access keys from Amazon Web Services Support.
-
In the event that an Amazon Key Management Service key becomes unmanageable, you can recover it by contacting Amazon Web Services Support as the root user.