hello today we are going into the root user what does this mean what does I am am so many questions let's find out what is a root user in AWS great question so when we create any sort of user in AWS they always come with their own login and their own account a user is basically anyone that can log into AWS and access the resources there when you first create an AWS account the email that you are using to create that account becomes the email of the root user and that gives you access to pretty much everything it's like an unlimited access to AWS but as always with great power comes great responsibility and you've got to be really careful about this root user because they had access to everything in your AWS account you should only use it very very sparingly it's highly recommended that you have multiactor authentication because you just don't want any random person being able to log into this they could literally take down your whole product or company or app or whatever you're working on they could also cost you a lot of money you know if they had malicious intent so how does this compare with the IM am user and what exactly is an AM user am stands for identity and access management and these are users that are members or sub members of your AWS account they all have their own usernames and their all passwords but they don't have that same Godlike access that the root user has they all have different levels of permissions and different keys to actually get into AWS the thing here is that you want to use am users for your kind of daily activities with AWS and then use your root user only when you absolutely have to because you want to avoid any sort of security breaches or anything that goes wrong you really want to be using your I IM users at majority of the let's take a look at a little comparison at a very very high level so on this side we have our IM am users which is everyday access very limited permissions and on the other side we have our root user which is more about full access and for any really big jobs that you can't do with your I now multiactor authentication is a really important part of this whole story so make sure that you're making really good use of multiactor authentication if you're not familiar with multifactor authentication very briefly it's just where you want to have an additional layer of authenticating who a person is to actually log them into a system so if you've ever tried to log in and it sends a code to your phone number or it asks you to check it at or it gives you a call or whatever it is it sends an email and you've got to go into your email and open the message this is all multiactor authentication they're trying to check are you actually who you say you are or have you just byad chance likey guessed someone's favorite pet from their childhood and now you can access their account you can also use fingerprints or face scanning these are all things that are becoming much much more popular in every day now so multiactor authentication doesn't just have to be the standard code or email or phone the bottom line is that multiactor authentication is absolutely essential for your root user because you want to make sure that this is super lockedown the best practices in summary for the root user is to use with caution make sure that you've got multiactor authentication turned on never share your logins with other people for this and make use of youram users for your daily nums thank you so much for watching I hope this was useful and educational and we will see you in the next video