0
0
AWScloud~5 mins

Root user vs IAM user in AWS - CLI Comparison

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Introduction
AWS accounts have a root user with full access and IAM users with limited permissions. Understanding the difference helps keep your cloud environment safe and organized.
When you first create an AWS account and need full control to set up billing and security.
When you want to give team members access to AWS resources without sharing your root credentials.
When you want to follow security best practices by limiting the use of the root user.
When you need to assign specific permissions to users based on their job roles.
When you want to track actions performed by different users in your AWS account.
Commands
This command lists all IAM users in your AWS account so you can see who has access besides the root user.
Terminal
aws iam list-users
Expected OutputExpected
Users: - UserName: alice UserId: AIDAEXAMPLE1 - UserName: bob UserId: AIDAEXAMPLE2
This command shows details about the IAM user you are currently logged in as, confirming your identity and permissions.
Terminal
aws iam get-user
Expected OutputExpected
User: UserName: alice UserId: AIDAEXAMPLE1 Arn: arn:aws:iam::123456789012:user/alice
This command shows the AWS identity making the request, helping you verify if you are using the root user or an IAM user.
Terminal
aws sts get-caller-identity
Expected OutputExpected
Account: 123456789012 UserId: AIDAEXAMPLE1 Arn: arn:aws:iam::123456789012:user/alice
Key Concept

If you remember nothing else from this pattern, remember: always use IAM users for daily tasks and keep the root user locked away for emergencies.

Common Mistakes
Using the root user for everyday tasks
The root user has unlimited power, so using it regularly increases the risk of accidental or malicious changes.
Create IAM users with only the permissions they need and use those for daily work.
Sharing root user credentials with others
Sharing root credentials can lead to security breaches and makes it hard to track who did what.
Create individual IAM users for each person and assign proper permissions.
Summary
The root user has full access to all AWS resources and billing.
IAM users have limited permissions and are safer for daily use.
Use AWS CLI commands to check which user you are and list IAM users.