There would be no easy way to control resource usage by project or class

There would be no effective limits on the effect of an action, making it more likely for unintended and unwanted consequences to result

Since root has full permissions over your account resources, an account compromise at the hands of hackers would be catastrophic

It would make it difficult to track which account user is responsible for specific actions

The Action element refers to the way IAM will react to a request

The * character applies an element globally—as broadly as possible

The Resource element refers to the third-party identities that will be allowed to access the account

The Effect element refers to the anticipated resource state after a request is granted

Never use the account to perform any administration operations

Enable multifactor authentication (MFA)

Assign a long and complex password

Delete all access keys

It enhances security by consolidating resources

It simplifies the management of user permissions

It allows for quicker response times to service interruptions

It simplifies locking down the root user

2000

3000

5000

4000

Change the password and MFA settings for the root account

Delete and re-create all existing IAM policies

Change he passwords for all your IAM users

Delete the former employee’s own IAM user (within the company account)

Action

Region

Effect

Resource