====== Privileged Users ======

**What it is:** Users/roles with high permissions (admin, ability to create policies, manage keys, change security settings).

**What it’s for:**
  * Identify high-risk identities that must be protected strongly.

**Best practice:**
  * Require [[aws:security:mfa|MFA]] for all privileged users.

**Hard words:**
  * *administrator* /ədˈmɪnɪstreɪtər/: quản trị viên
  * *high-risk* /haɪ rɪsk/: rủi ro cao