Just the people that need to, usually the security or operations team that handles creating or deleting accounts, or setting up billing stuff, or creating the initial roles or users that will be needed. All the other responses just say, “don’t use the root account”. That’s true, but there are some things that need the root account, and in a midsized company that shouldn’t be controlled by one person, but usually a small team. I don’t use the root account for anything outside of what it’s explicitly needed for, but I do need access to it for those times, and the rest of my team need that access too. And we have audit trails that let us know whenever someone uses the root account. Tada.
No comments yet.