- Newest
- Most votes
- Most comments
It is recommend that you do not use the root user for your everyday tasks, even the administrative ones. Instead, adhere to the best practice of using the root user only to create your first IAM user. Then securely lock away the root user credentials and use them to perform only a few account and service management tasks. To view the tasks that require you to sign in as the root user, see AWS Tasks That Require Root User. For a tutorial on how to set up an administrator for daily use, see Creating your first IAM admin user and user group.
References
- https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html
- https://docs.aws.amazon.com/general/latest/gr/root-vs-iam.html
- https://docs.aws.amazon.com/accounts/latest/reference/best-practices-root-user.html
- https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
Having said that, You can’t use your account's root user credentials to view Amazon S3 Storage Lens dashboards. To access S3 Storage Lens dashboards, you must grant the requisite IAM permissions to a new or existing IAM user. Then, sign in with those user credentials to access S3 Storage Lens dashboards. For more information, see Amazon S3 Storage Lens permissions.
Reference - https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage_lens_console_viewing.html
Relevant content
- asked 3 months ago
- asked 9 months ago
- Accepted Answerasked 5 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 9 months ago
Yes, I know this is recommended, but no other AWS service that I use requires this. Should I take it that you guys are going to transition all AWS services to refusing root access and requiring IAM users? Or all new services are going to have this restriction? And if not, then please fix this one too so it doesn't require it. I can make my own decisions about my level of risk tolerance and security best practices, not all are appropriate for all users. If you guys are going to transition everything over to refusing root and requiring different IAM users, good luck with that.