The God Mode Problem
The AWS root user is the identity created with the email address used to open the account. Unlike IAM users and roles, it cannot be restricted by IAM policies inside the account: a permissions policy attached to anything has no effect on root. The only control that can constrain it is an AWS Organizations service control policy, and that applies only to member accounts, never to the management account. Root alone can close the account, change the support plan, change the account's own email address, and it has unrestricted access to billing. If its credentials are compromised, everything in the account is compromised along with them.
The Layered Defense
Security is about layers. A strong, unique password on the root user is layer one. An MFA device on the root user, ideally a hardware token kept offline, is layer two. Least privilege is layer three: do daily work through IAM users and roles that carry only the permissions they need, delete any root access keys so no long-lived credential exists for it, and touch root only for the few tasks that require it. Each layer removes a distinct way an attacker can reach the account, so the combination shrinks the attack surface far more than any one of them on its own. Root use should then be rare enough that every occurrence recorded in CloudTrail deserves an alert.
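To make these layers checkable rather than aspirational, here is an added example (not code from the original page) that audits the root user from two sources: the SummaryMap that `aws iam get-account-summary` returns, whose AccountMFAEnabled and AccountAccessKeysPresent fields report root MFA and root access keys, and a batch of CloudTrail records, to which it applies the CIS Benchmark filter for root usage (type "Root", no invokedBy, eventType not AwsServiceEvent). The function names are my own, and all data below is constructed for the example; in practice you would feed in real CLI output and CloudTrail logs.

```python
"""Audit AWS root-user hygiene: MFA present, no access keys, and no
unexplained root activity in CloudTrail.  Sample data is constructed
to mirror the shapes returned by the IAM API and CloudTrail."""
from typing import Dict, List

# Constructed to mirror `aws iam get-account-summary` output.
# 1 means "present"; this account fails both root checks.
SAMPLE_SUMMARY: Dict = {
    "SummaryMap": {
        "AccountMFAEnabled": 0,         # root user has no MFA device
        "AccountAccessKeysPresent": 1,  # root user has long-term access keys
        "Users": 4,
    }
}

# Constructed CloudTrail records, trimmed to the fields the checks use.
SAMPLE_EVENTS: List[Dict] = [
    {"eventTime": "2024-05-01T10:00:00Z", "eventName": "ConsoleLogin",
     "eventType": "AwsConsoleSignIn", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root", "accountId": "111122223333"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-05-01T10:05:00Z", "eventName": "CreateUser",
     "eventType": "AwsApiCall", "sourceIPAddress": "203.0.113.11",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    # An AWS service acting on root's behalf: the CIS filter excludes it.
    {"eventTime": "2024-05-01T10:10:00Z", "eventName": "DescribeConfigRules",
     "eventType": "AwsApiCall", "sourceIPAddress": "config.amazonaws.com",
     "userIdentity": {"type": "Root", "invokedBy": "config.amazonaws.com"}},
    {"eventTime": "2024-05-01T10:20:00Z", "eventName": "DeleteAccessKey",
     "eventType": "AwsApiCall", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root", "accountId": "111122223333"}},
]


def audit_account_summary(summary: Dict) -> List[str]:
    """Return findings for the two root-specific fields of the summary."""
    m = summary["SummaryMap"]
    findings = []
    if m.get("AccountMFAEnabled", 0) != 1:
        findings.append("root MFA not enabled")
    if m.get("AccountAccessKeysPresent", 0) != 0:
        findings.append("root access keys present")
    return findings


def is_root_usage(event: Dict) -> bool:
    """CIS AWS Foundations root-usage filter, expressed in Python:
    $.userIdentity.type = "Root" && $.userIdentity.invokedBy NOT EXISTS
    && $.eventType != "AwsServiceEvent"."""
    ident = event.get("userIdentity", {})
    return (ident.get("type") == "Root"
            and "invokedBy" not in ident
            and event.get("eventType") != "AwsServiceEvent")


def root_usage_findings(events: List[Dict]) -> List[str]:
    """One line per direct root action; console logins note MFA status."""
    out = []
    for ev in events:
        if not is_root_usage(ev):
            continue
        tag = "root activity"
        if ev.get("eventName") == "ConsoleLogin":
            mfa = ev.get("additionalEventData", {}).get("MFAUsed")
            tag = "root console login" + (" WITHOUT MFA" if mfa == "No" else "")
        out.append(f"{ev['eventTime']} {tag}: {ev['eventName']} "
                   f"from {ev['sourceIPAddress']}")
    return out


if __name__ == "__main__":
    for line in audit_account_summary(SAMPLE_SUMMARY) + root_usage_findings(SAMPLE_EVENTS):
        print("FINDING:", line)
```

In production the same filter pattern belongs in a CloudWatch Logs metric filter with an alarm, so a root login pages someone rather than waiting for a scheduled audit; the Python version is useful for sweeping archived trails and for testing the pattern against known events.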
