Which of the following is an AWS best practice for using the AWS account root user credentials?
Allow only the manager to use the account root user credentials for normal activities.
Use the account root user credentials only for Amazon EC2 instances from the AWS Free Tier.
Use the account root user credentials only when they alone must be used to perform a required function.
Use the account root user credentials only for the creation of private VPC subnets.
Explanations:
Allowing only the manager to use the root credentials does not mitigate the risk of misuse. Best practices recommend minimizing root user usage and instead utilizing IAM users with appropriate permissions for normal activities.
The AWS Free Tier is not a special case for using root credentials. Root credentials should not be used for routine activities, regardless of the services being utilized.
This option aligns with AWS best practices, which state that the root user should be used only for tasks that specifically require it, such as changing account settings or billing information. This minimizes the risk associated with root user credentials.
Creating private VPC subnets does not require root user credentials, and using root credentials for this task goes against the principle of least privilege. This should be done using IAM users or roles with the necessary permissions.