The root user has special permissions over the organization's account and should not be used on a daily basis. This video demonstrates the few scenarios where you do need to use the root account.
- Before we do anything on your AWS account, we first need to figure out what kind of account you have. If you don't have an AWS account, you can sign up for your own account by going to aws.amazon.com. You will be asked to put in a credit card on file for the billing, but most AWS services have a free tier that allow you to try out several services for the first year while you're learning about AWS. If you signed up your account this way, or someone in your organization only sent you a username and password. Then you have an AWS root account. If you were sent a username, a password, and an account ID, or an account alias, or maybe someone sent you a special link to click on to sign in. Then you have an IAM user account. IAM stands for identity and access management. And this is how AWS controls who has access to your organization's account. Now, if you have an IAM user account, then your login screen will include a field at the top that says account ID or alias, and it should already be filled in for you. If you have an AWS root account, you are using a special account within AWS and you should only sign into AWS using the root account under certain circumstances. When you sign in with the AWS root account, you become captain of your starship. And the captain of the starship has special abilities. You can promote and demote your officers. You can even tell your ship to self destruct when you interact with AWS using the root account. Imagine yourself wearing the captain's uniform, and the great responsibilities that come with the uniform. There's a complete list of the special privileges the root user has in the documentation, but the most common uses are creating your first IAM user, changing the login credentials of the root user itself, changing your support plan with AWS and deleting the entire AWS account. So, you can see how dangerous it would be for someone to get a hold of your AWS root account. You never want to give out your AWS root account and you should only log into the AWS root account when you absolutely have to. Make sure your AWS root account has a strong password. And if you want to take extra precautions, AWS recommends that you secure the root account by using a physical multi-factor authentication key. The MFA key requires that whoever puts on the captain's uniform must have the root username and password and have the MFA key in hand. The physical MFA keys they support along with their associated costs are listed in the AWS docs. To set up MFA, login to the AWS console. Click on your username in the upper right toolbar, and then the sub menu select my security credentials. Under multi-factor authentication, click on the Assign MFA device button. The virtual MFA device option allows you to use an app on your phone in place of a physical device. But I recommend using the physical MFA key for the AWS root account. And then using the virtual MFA option to secure your individual IAM user account. To set up MFA, you just follow the instructions listed in this wizard for the device that you selected. Now, let's keep on the captain's uniform just a little bit longer. So, we can create you an IAM user and then hang up the captain's uniform up in the closet where no one can find it.
- Proper security for the AWS root account
- Identity and Access Management (IAM)
- Regions and availability zones
- Creating an EC2 instance web server
- Editing security groups
- Storing and serving files from AWS
- Scaling with Elastic Load Balancer (ELB)
- Hosting databases within AWS
- Running containers on AWS
- Machine learning services within AWS
- DevOps with AWS
- Security on AWS