1 Answer
- Newest
- Most votes
- Most comments
0
The "root" user of an account can be restricted using Service control policies (SCPs), in AWS Organizations. The error you describe implies that there might be an SCP in place.
You can verify the presence of an SCP by navigating to AWS Organizations, and then check the "Policies" on the OU where the account is located. Note that SCPs might also be created by AWS Control Tower (if you use it), so please be careful changing existing SCP.
Please also note that there is a total of ~10 actions which really require root user permissions. Following least privilege, I therefore recommend not using this user unless you need to execute one of those actions, and use (preferably) IAM Identity Center access or (if needed) IAM users instead.
answered 6 months ago
Relevant content
- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated 2 years ago