According to the AWS Well-Architected Framework – Security Pillar and the AWS Identity and Access Management (IAM) User Guide, the root user account in an AWS account is extremely powerful and should be protected with strict security measures.
From AWS documentation:
“We recommend that you not use the root user for everyday tasks, even administrative ones. Instead, create IAM users and grant them only the permissions they need. To help protect your AWS account, enable multi-factor authentication (MFA) for the root user.”
(Source: AWS Identity and Access Management User Guide – Securing the Root User)
The correct and recommended action is to create IAM users with specific permissions for daily operations and enable MFA on the root user to provide an additional layer of security. The root user cannot be disabled, so Option A is technically incorrect. AWS also explicitly advises against using root access keys (Option C) or sharing root credentials (Option D), both of which violate the principle of least privilege.
Best practices summarized from AWS official documentation:
Do not use root user for routine tasks
Enable MFA for root user immediately
Create individual IAM users and assign least privilege
Avoid creating or using root user access keys
These recommendations are foundational to securing any new AWS account and are consistently emphasized in the AWS Certified Solutions Architect – Official Study Guide and the AWS Security Best Practices whitepaper.
[References:, AWS IAM User Guide – "Securing the root user", AWS Well-Architected Framework – Security Pillar, AWS Certified Solutions Architect – Official Study Guide (Latest Edition), , , , ]
