The 'root' account should not be used for daily tasks

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください

Description

With the creation of an AWS account, a root user is established that cannot be disabled or deleted. This user has unrestricted access to and control over all resources in the account. Datadog highly recommends that you avoid using this account for everyday tasks to adhere to security best practices.

The root user’s unrestricted access is inconsistent with the principles of least privilege and separation of duties, which can lead to unnecessary harm due to errors or account compromise. In GovCloud (US) regions, the root user is not enabled by default but can be enabled upon request with access granted only through access-keys (CLI, API methods).

Remediation

For instructions on managing the root user account to prevent it from being used for daily activities, refer to AWS Best Practices for Managing Root User Access.