AWS Certified Cloud Practitioner — Question 142

Who can create and manage access keys for an AWS account root user?

Answer options

• A. The AWS account owner
• B. An IAM user that has administrator permissions
• C. IAM users within a designated group
• D. An IAM user that has the required role

Correct answer: A

Explanation

The AWS account owner is the only individual who can create and manage access keys for the root user, ensuring that the most sensitive permissions remain under their control. While IAM users with administrator permissions can manage resources, they do not have the authority to create or manage access keys for the root user. Similarly, IAM users in groups or with specific roles have limited access and cannot perform this task.