Answer-first summary for fast verification
Answer: The AWS account owner
## Explanation Only the **AWS account owner** can manage the access keys of the AWS account root user. This is a critical security measure in AWS: - **Root user credentials** provide complete, unrestricted access to all AWS services and resources in the account - **IAM users, roles, and policies** cannot manage or modify root user credentials, even with administrative permissions - This separation ensures that the ultimate account ownership and control remains with the account owner - The root user should only be used for specific account-level tasks that cannot be performed by IAM users **Best Practice**: Enable multi-factor authentication (MFA) for the root user and use IAM users for daily operations to enhance security.
Author: Ritesh Yadav
Ultimate access to all questions.
No comments yet.
A company is using AWS Identity and Access Management (IAM). Who can manage the access keys of the AWS account root user?
A
IAM users in the same account that have been granted permission
B
IAM roles in any account that have been granted permission
C
IAM users and roles that have been granted permission
D
The AWS account owner