Got a new account?

An AWS account is a container for identities and resources. Each account has a unique email and is associated with a billing method.

Usually, multiple AWS accounts are needed, which forms an organization. Always create multiple accounts for different environments (e.g. dev, test, prod).best-practices

Accounts always have a single account root user. This account root user has full control over all users and resources within the account (no restrictions whatsoever). It can also create other users/identities such as users, groups, or roles.

No external access is configured for an AWS account by default.

Do not use the account root user!

Do not use the root user for everyday purposes. Only use it when something is seriously broken and you cannot find a way to fix it using existing IAM access. Do not create any access keys for the root user either.