AWS Certified Cloud Practitioner

Explanation

The correct answer is The AWS account owner because:

1. Root user access keys are highly sensitive - They provide full administrative access to the AWS account, including the ability to delete the account itself.

2. Security best practices - AWS recommends that only the account owner should manage root user credentials. This follows the principle of least privilege and reduces security risks.

3. IAM limitations - While IAM users and roles can be granted extensive permissions, managing root user access keys is typically restricted to the account owner for security reasons.

4. Account ownership - The AWS account owner is the person who created the account and has ultimate responsibility for its security and management.

Why other options are incorrect:

• Option A: IAM users cannot manage root user access keys even with permissions, as this is a security boundary.

• Option B: IAM roles cannot manage root user access keys, regardless of which account they're in.

• Option C: Neither IAM users nor roles can manage root user access keys; this is an exclusive privilege of the account owner.

Best Practice: AWS recommends:

1. Avoid using root user access keys for daily operations

2. Enable multi-factor authentication (MFA) for the root user

3. Create IAM users with appropriate permissions for regular tasks

4. Store root user credentials in a secure location and use them only when absolutely necessary