Tasks That Require Root User Credentials

We recommend that you configure an administrative user in AWS IAM Identity Center
to perform daily tasks and access AWS resources. However, you can perform the tasks
listed below only when you sign in as the root user of an account.

Tasks
1. Change your account settings - This includes the account name, email address,
root user password, and root user access keys. Other account settings, such as
contact information, payment currency preference, and AWS Regions, don't
require root user credentials.
2. Restore IAM user permissions - If the only IAM administrator accidentally
revokes their own permissions, you can sign in as the root user to edit policies
and restore those permissions.
3. Activate IAM access to the Billing and Cost Management console.
4. View certain tax invoices - An IAM user with the aws-portal:ViewBilling
permission can view and download VAT invoices from AWS Europe, but not
AWS Inc. or Amazon Internet Services Private Limited (AISPL).
5. Close your AWS account.
6. Register as a seller in the Reserved Instance Marketplace.
7. Configure an Amazon S3 bucket to enable MFA (multi-factor authentication).
8. Edit or delete an Amazon Simple Queue Service (Amazon SQS) resource policy
that denies all principals.
9. Edit or delete an Amazon Simple Storage Service (Amazon S3) bucket policy
that denies all principals.
10. Sign up for AWS GovCloud (US).
11. Request AWS GovCloud (US) account root user access keys from AWS Support.
12. In the event that an AWS Key Management Service key becomes
unmanageable, you can recover it by contacting AWS Support as the root user.