====== AWS Account Root User ======

**What it is:** The special identity created when you first create an AWS account. It has full, unrestricted permissions in the account.

**What it’s for:**
  * Perform a few account-level tasks that only the root user can do (rare use).
  * Initial setup (then you should stop using it for daily work).

**Key ideas:**
  * Root user is NOT the same as an [[aws:security:iam:user|IAM User]].
  * Root has the highest privileges, so it’s the most dangerous if compromised.
  * Best practice: lock it down and use IAM roles/users for daily operations.

**Exam cues:**
  * “root user security recommendations” → strong password + MFA + don’t create/share root access keys.
  * “avoid using root for daily admin tasks” → create IAM admin user/role instead.

**Hard words (English + IPA + Vietnamese meaning):**
  * *root user* /ruːt ˈjuːzər/: tài khoản gốc
  * *unrestricted* /ˌʌnrɪˈstrɪktɪd/: không bị giới hạn
  * *privilege* /ˈprɪvəlɪdʒ/: quyền hạn
  * *compromised* /ˈkɑːmprəmaɪzd/: bị lộ/bị chiếm

**Child pages:**
  * [[aws:security:iam:root-user-best-practices|Root User Best Practices]]