What should be done to secure the root user?
Create IAM users for daily administrative tasks. Disable the root user.
Create IAM users for daily administrative tasks. Enable multi-factor authentication on the root user.
Generate an access key for the root user. Use the access key for daily administration tasks instead of the AWS Management Console.
Provide the root user credentials to the most senior solutions architect. Have the solutions architect use the root user for daily administration tasks.
Explanations:
Disabling the root user is not possible; the root user must always exist. However, creating IAM users for daily tasks is a good practice.
Creating IAM users for daily tasks minimizes the use of the root account, and enabling multi-factor authentication (MFA) on the root user adds an extra layer of security against unauthorized access.
Generating an access key for the root user is not recommended. The root user should be used sparingly, and access keys for the root user increase the risk of exposure and misuse.
Providing root user credentials to anyone, even a senior solutions architect, is a security risk. The root account should be used only for specific administrative tasks, and it’s better to use IAM users for daily operations.
I measure that the answer is:
Create IAM users for daily administrative tasks. Enable multi-factor authentication on the root user.