AWS Certified Cloud Practitioner (CLF-C02) — Question 588

A company is using AWS Identity and Access Management (IAM).

Who can manage the access keys of the AWS account root user?

Answer options

• A. IAM users in the same account that have been granted permission
• B. IAM roles in any account that have been granted permission
• C. IAM users and roles that have been granted permission
• D. The AWS account owner

Correct answer: D

Explanation

The access keys of the AWS account root user can only be created, modified, or deleted by logging in as the root user (the AWS account owner). Even if an IAM user or role is granted full administrator access, AWS security policies restrict them from managing the root user's credentials. Therefore, only the account owner has the authority to manage these specific keys.