Ultimate access to all questions.
Answer-first summary for fast verification
Answer: The AWS account owner
## Explanation The correct answer is **The AWS account owner** because: 1. **Root user access keys are highly sensitive** - They provide full administrative access to the AWS account, including the ability to delete the account itself. 2. **Security best practices** - AWS recommends that only the account owner should manage root user credentials. This follows the principle of least privilege and reduces security risks. 3. **IAM limitations** - While IAM users and roles can be granted extensive permissions, managing root user access keys is typically restricted to the account owner for security reasons. 4. **Account ownership** - The AWS account owner is the person who created the account and has ultimate responsibility for its security and management. **Why other options are incorrect:** - **Option A**: IAM users cannot manage root user access keys even with permissions, as this is a security boundary. - **Option B**: IAM roles cannot manage root user access keys, regardless of which account they're in. - **Option C**: Neither IAM users nor roles can manage root user access keys; this is an exclusive privilege of the account owner. **Best Practice**: AWS recommends: 1. Avoid using root user access keys for daily operations 2. Enable multi-factor authentication (MFA) for the root user 3. Create IAM users with appropriate permissions for regular tasks 4. Store root user credentials in a secure location and use them only when absolutely necessary
Author: Ritesh Yadav
No comments yet.
A company is using AWS Identity and Access Management (IAM). Who can manage the access keys of the AWS account root user?
A
IAM users in the same account that have been granted permission
B
IAM roles in any account that have been granted permission
C
IAM users and roles that have been granted permission
D
The AWS account owner