# AWS Root Account Management

## 📖 Introduction to AWS Root Account Management

When a new AWS account is created, it includes a Root user with full access to all AWS services and resources. If the Root user credentials are compromised, this poses a significant security risk. AWS Root Account Management mitigates this risk by restricting Root user access and allowing temporary elevation to Root permissions when necessary.

***

## 🗒️ Understanding AWS Root Account Management's Features

### 1. Prevent New Root Users

Once enabled, new Root users are not created in new member accounts. Additionally, you can no longer reset the Root user's password in those accounts (unless you use [Privileged Actions](https://www.techwithtyler.dev/academy/aws-security-cookbook-by-tyler/broken-reference)).

<figure><img src="https://2721275171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8yu8YbDfwd1VqEdUxGyA%2Fuploads%2F0YFNtmg1VuyJl4uvDlPf%2Fimage.png?alt=media&#x26;token=98e79a9a-e5a9-4b4c-ae63-211c7ffb8666" alt=""><figcaption><p>Failed password recovery for root user</p></figcaption></figure>

### 2. Auditing Root User Credentials

We gain insights into:

* Which AWS accounts have the Root user enabled
* Whether the Root user has MFA enabled
* Whether the Root user has a console password set
* Whether the Root user has Signing Certificates enabled

<figure><img src="https://2721275171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8yu8YbDfwd1VqEdUxGyA%2Fuploads%2FuwMJt7692JUkSQcgFcSa%2Fimage.png?alt=media&#x26;token=39072c6e-95fd-481f-b78a-7716a9502589" alt=""><figcaption><p>Root access management console</p></figcaption></figure>

### 3. Privileged Actions

Privileged actions allow us to assume the root user credentials for 15 minutes. Here are some of the actions we can perform:

* **Delete S3 bucket policy**: Useful when you've misconfigured a bucket policy and locked yourself out. We can use the Root user to resolve this.
* **Delete SQS queue policy**: Useful when you've misconfigured a queue policy and locked yourself out. We can use the Root user to resolve this.
* **Delete root user credentials**: Removes the Root user's credentials from a member account.

<figure><img src="https://2721275171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8yu8YbDfwd1VqEdUxGyA%2Fuploads%2FgqauN1k0MSTAR3BKOubA%2Fimage.png?alt=media&#x26;token=dd8676bd-1092-4f2a-91ce-2c09dca64f8b" alt=""><figcaption><p>Privileged actions as the root user</p></figcaption></figure>
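The following Python script is an added example (not code from this page or from AWS) that ties the three features together: it checks which centralized-root features are enabled (section 1), evaluates a member account's root credential state after an `sts:AssumeRoot` audit session (section 2), and runs the S3 bucket-policy unlock action through the same mechanism (section 3). The task-policy ARNs, the `assume_root` call and the `SummaryMap` keys are the real AWS ones; the account id, bucket name and the `SAMPLE_SUMMARY` data are constructed, and the network-facing functions assume boto3 1.35.57 or newer plus credentials from the Organizations management or delegated-admin account. The evaluation functions are pure so they can be run offline.

```python
"""Added example: audit and privileged actions via centralized root access.
Not code from the page or from AWS. boto3 is imported lazily, so the pure
evaluation functions run with no AWS dependency or network access."""
from __future__ import annotations

# AWS-managed task policies accepted by sts:AssumeRoot. A session may only
# do what its task policy allows and lasts at most 900 s (the 15 minutes
# the page describes).
ROOT_TASK = "arn:aws:iam::aws:policy/root-task/"
AUDIT_POLICY = ROOT_TASK + "IAMAuditRootUserCredentials"
DELETE_CREDS_POLICY = ROOT_TASK + "IAMDeleteRootUserCredentials"
S3_UNLOCK_POLICY = ROOT_TASK + "S3UnlockBucketPolicy"
SQS_UNLOCK_POLICY = ROOT_TASK + "SQSUnlockQueuePolicy"
MAX_SESSION_SECONDS = 900

# Feature names reported by iam:ListOrganizationsFeatures once centralized
# root access has been turned on in the management account.
REQUIRED_FEATURES = ("RootCredentialsManagement", "RootSessions")


def missing_root_features(enabled_features: list[str]) -> list[str]:
    """Return which centralized-root features are still off.
    RootCredentialsManagement stops new member accounts from receiving root
    credentials (section 1); RootSessions enables privileged actions (section 3)."""
    return [f for f in REQUIRED_FEATURES if f not in enabled_features]


def audit_root_credentials(summary_map: dict[str, int]) -> list[str]:
    """Turn the SummaryMap from iam:GetAccountSummary (called as the member
    account's root user under the audit task policy) into findings.
    An empty list means the root user holds no credentials at all, which is
    the target state under centralized root access."""
    findings: list[str] = []
    if summary_map.get("AccountPasswordPresent", 0):
        if summary_map.get("AccountMFAEnabled", 0):
            findings.append("root console password set (MFA enabled)")
        else:
            findings.append("root console password set without MFA")
    if summary_map.get("AccountAccessKeysPresent", 0):
        findings.append("root access keys present")
    if summary_map.get("AccountSigningCertificatesPresent", 0):
        findings.append("root signing certificates present")
    return findings


def assume_root_client(account_id: str, task_policy_arn: str, service: str):
    """Return a boto3 client for `service` backed by a short-lived
    sts:AssumeRoot session into `account_id`, scoped by `task_policy_arn`.
    Requires network access and management/delegated-admin credentials."""
    import boto3  # lazy import: the pure functions above never need it

    creds = boto3.client("sts").assume_root(
        TargetPrincipal=account_id,
        TaskPolicyArn={"arn": task_policy_arn},
        DurationSeconds=MAX_SESSION_SECONDS,
    )["Credentials"]
    return boto3.client(
        service,
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
    )


def audit_member_account(account_id: str) -> list[str]:
    """Section 2: read the member account's root credential state as root.
    The audit task policy is read-only, so this can run on a schedule."""
    iam = assume_root_client(account_id, AUDIT_POLICY, "iam")
    return audit_root_credentials(iam.get_account_summary()["SummaryMap"])


def unlock_s3_bucket(account_id: str, bucket: str) -> None:
    """Section 3: delete a bucket policy that locked every principal out.
    The S3 unlock task policy permits only bucket-policy operations."""
    s3 = assume_root_client(account_id, S3_UNLOCK_POLICY, "s3")
    s3.delete_bucket_policy(Bucket=bucket)


# Constructed SummaryMap (not real account data) for the offline path.
SAMPLE_SUMMARY = {
    "AccountPasswordPresent": 1,
    "AccountMFAEnabled": 0,
    "AccountAccessKeysPresent": 1,
}

if __name__ == "__main__":
    print(audit_root_credentials(SAMPLE_SUMMARY))
    print(missing_root_features(["RootCredentialsManagement"]))
```

Run the file directly to see the offline checks; point `audit_member_account("111122223333")` (constructed account id) at a real member account to audit it, and note that every `AssumeRoot` session is recorded in CloudTrail in both the calling and the target account, which is the audit trail to alert on.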

***

## 📚 Additional Resources

* [AWS Root Account Management Documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-enable-root-access.html)

***

## 🏗️ Hands-on Exercises

{% content-ref url="aws-root-account-management/lab-deploying-aws-root-account-management-via-terraform" %}
[lab-deploying-aws-root-account-management-via-terraform](https://www.techwithtyler.dev/academy/aws-security-cookbook-by-tyler/aws-root-account-management/lab-deploying-aws-root-account-management-via-terraform)
{% endcontent-ref %}
