Root User vs IAM User in AWS

Difference between Root User and IAM User in AWS

Difference between Root User and IAM User in AWS

User Permission and Access

AWS Identity and Access Management (IAM)

It enables you to manage access to AWS services and resources securely.

IAM gives you the flexibility to configure access based on your company’s specific operational and security needs. You do this by using a combination of IAM features, which are explored in detail in this lesson:

  • IAM users, groups, and roles
  • IAM policies
  • Multi-factor authentication

You will also learn best practices for each of these features.

AWS Account Root User

When you first create an AWS account, you begin with an identity known as the root user. 

The root user is accessed by signing in with the email address and password that you used to create your AWS account. You can think of the root user as being similar to the owner of the coffee shop. It has complete access to all the AWS services and resources in the account.

Account Root user

Best practice:

Do not use the root user for everyday tasks.

Instead, use the root user to create your first IAM user and assign it permissions to create other users.
Then, continue to create other IAM users, and access those identities for performing regular tasks
throughout AWS. Only use the root user when you need to perform a limited number of tasks that are
only available to the root user. Examples of these tasks include changing your root user email address
and changing your AWS support plan.

IAM users

An IAM user is an identity that you create in AWS. It represents the person or application that interacts
with AWS services and resources. It consists of a name and credentials.

By default, when you create a new IAM user in AWS, it has no permissions associated with it. To allow
the IAM user to perform specific actions in AWS, such as launching an Amazon EC2 instance or creating an Amazon S3 bucket, you must grant the IAM user the necessary permissions.

Best practice:

We recommend that you create individual IAM users for each person who needs to access AWS.

Even if you have multiple employees who require the same level of access, you should create individual
IAM users for each of them. This provides additional security by allowing each IAM user to have a
unique set of security credentials.

Author: Mohit T

No comments:
Write comments

Please do not enter spam links

Meet US


More Services