Which of the following is an AWS best practice for managing an AWS account root user?
Keep the root user password with the security team.
Enable multi-factor authentication (MFA) for the root user.
Create an access key for the root user.
Keep the root user password consistent for compliance purposes.
Explanations:
Keeping the root user password with the security team is not a recommended practice. The root user should have limited access and its credentials should be managed securely, preferably not shared or stored by anyone other than the account owner.
Enabling multi-factor authentication (MFA) for the root user is a best practice. It adds an additional layer of security, helping to prevent unauthorized access even if the root password is compromised.
Creating an access key for the root user is not recommended. AWS best practices advise against using the root user for everyday tasks, including generating access keys, as it can lead to increased security risks.
Keeping the root user password consistent for compliance purposes is not advisable. Passwords should be changed regularly to maintain security, and having a consistent password can lead to vulnerabilities if the password is ever compromised.
As far as I’m aware, the answer is:
Enable multi-factor authentication (MFA) for the root user.