Home › AWS Cloud Practitioner › cloudcomputing › securitycompliance › Which task can ONLY be performed by the AWS acco…
Which task can ONLY be performed by the AWS account root user, and not by any IAM user even with administrator privileges?
AClosing the AWS account or changing the account's support plan
BReading CloudWatch metrics for an EC2 instance
CLaunching EC2 instances in any Region
DCreating S3 buckets in the account
Answer & Solution
Correct answer: A. Closing the AWS account or changing the account's support plan
A small set of actions are root-only: closing the account, changing the support plan, changing the root user's email/password, viewing tax invoices, and restoring permissions when an IAM admin has locked themselves out. Everyday work like launching EC2 / managing S3 should be done by IAM users, never the root user.
Related questions
AWS IAM Identity Center (formerly AWS SSO) primarily lets you:Which combination correctly describes encryption in transit versus encryption at rest?A team wants to block common web exploits like SQL injection and cross-site scripting at tAn organization wants to detect threats like unusual API calls, compromised EC2 instances,For Amazon RDS, which of the following best describes the shared responsibility split?What is the difference between an IAM user and an IAM role?The principle of least privilege, as applied via IAM, recommends that you:Which AWS service logs all API calls made against the AWS account, so administrators can a