What it is: The special identity created when you first create an AWS account. It has full, unrestricted permissions in the account.

What it’s for:

• Perform a few account-level tasks that only the root user can do (rare use).
• Initial setup (then you should stop using it for daily work).

Key ideas:

• Root user is NOT the same as an IAM User.
• Root has the highest privileges, so it’s the most dangerous if compromised.
• Best practice: lock it down and use IAM roles/users for daily operations.

Exam cues:

• “root user security recommendations” → strong password + MFA + don’t create/share root access keys.
• “avoid using root for daily admin tasks” → create IAM admin user/role instead.

Hard words (English + IPA + Vietnamese meaning):

• *root user* /ruːt ˈjuːzər/: tài khoản gốc
• *unrestricted* /ˌʌnrɪˈstrɪktɪd/: không bị giới hạn
• *privilege* /ˈprɪvəlɪdʒ/: quyền hạn
• *compromised* /ˈkɑːmprəmaɪzd/: bị lộ/bị chiếm

Child pages:

• Root User Best Practices