The 'root' account should not be used for daily tasks

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

With the creation of an AWS account, a root user is established that cannot be disabled or deleted. This user has unrestricted access to and control over all resources in the account. Datadog highly recommends that you avoid using this account for everyday tasks to adhere to security best practices.

The root user’s unrestricted access is inconsistent with the principles of least privilege and separation of duties, which can lead to unnecessary harm due to errors or account compromise. In GovCloud (US) regions, the root user is not enabled by default but can be enabled upon request with access granted only through access-keys (CLI, API methods).

Remediation

For instructions on managing the root user account to prevent it from being used for daily activities, refer to AWS Best Practices for Managing Root User Access.