AWS Certified Cloud Practitioner

Explanation

Only the AWS account owner can manage the access keys of the AWS account root user. This is a critical security measure in AWS:

• Root user credentials provide complete, unrestricted access to all AWS services and resources in the account
• IAM users, roles, and policies cannot manage or modify root user credentials, even with administrative permissions
• This separation ensures that the ultimate account ownership and control remains with the account owner
• The root user should only be used for specific account-level tasks that cannot be performed by IAM users

Best Practice: Enable multi-factor authentication (MFA) for the root user and use IAM users for daily operations to enhance security.