AWS Security ChangesHomeSearch

AWS IAM documentation change

Service: IAM · 2025-03-26 · Documentation low

File: IAM/latest/UserGuide/id_root-user.md

Summary

Restructured content order, clarified root user definition, added note about account management in Organizations

Security assessment

Changes are organizational/editorial with no direct security implications. The added note clarifies existing security practices but doesn't introduce new security features

Diff

diff --git a/IAM/latest/UserGuide/id_root-user.md b/IAM/latest/UserGuide/id_root-user.md
index 7ef9b1754..db0e31cd9 100644
--- a/IAM/latest/UserGuide/id_root-user.md
+++ b/IAM/latest/UserGuide/id_root-user.md
@@ -5 +5 @@
-Centrally manage root access for member accountsAdditional resourcesTasks that require root user credentialsRelated information
+Centrally manage root access for member accountsTasks that require root user credentialsAdditional resources
@@ -9 +9 @@ Centrally manage root access for member accountsAdditional resourcesTasks that r
-When you first create an Amazon Web Services (AWS) account, the email address and password you provide are the credentials for your root user, which has access to all AWS services and resources in the account.
+When you first create an Amazon Web Services (AWS) account, you begin with a single sign-in identity that has complete access to all AWS services and resources in the account. This identity is called the AWS account _root user_. The email address and password that you used to create your AWS account are the credentials you use to sign in as your root user.
@@ -20,2 +19,0 @@ When you first create an Amazon Web Services (AWS) account, the email address an
-When you first create an Amazon Web Services (AWS) account, you begin with a single sign-in identity that has complete access to all AWS services and resources in the account. This identity is called the AWS account _root user_ and is accessed by signing in with the email address and password that you used to create the account.
-
@@ -47,11 +44,0 @@ If you need to recover root user credentials for a member account, the Organizat
-## Additional resources
-
-For more information about the AWS root user, see the following resources:
-
-  * For help with root user issues, see [Troubleshoot issues with the root user](./troubleshooting_root-user.html).
-
-  * To centrally manage root user email addresses in Organizations, see [Updating the root user email address for a member account](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_update_primary_email.html) in the _AWS Organizations User Guide_.
-
-
-
-
@@ -74,0 +62,4 @@ To simplify managing privileged root user credentials across member accounts in
+###### Note
+
+Closing a member account and changing the root user email address of a member account in AWS Organizations does not require root user credentials of the member account. These tasks do require root user credentials when performed on standalone accounts, the management account of an organization, or if a member account wishes to close itself.
+
@@ -153 +144,10 @@ You can use privileged actions to unlock an Amazon SQS queue with a misconfigure
-## Related information
+## Additional resources
+
+For more information about the AWS root user, see the following resources:
+
+  * For help with root user issues, see [Troubleshoot issues with the root user](./troubleshooting_root-user.html).
+
+  * To centrally manage root user email addresses in Organizations, see [Updating the root user email address for a member account](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_update_primary_email.html) in the _AWS Organizations User Guide_.
+
+
+