reduce the risk of losing control of your AWS account by not knowing the root account password
As Amazon states, one of the best practices for using AWS is
Don’t use your AWS root account credentials to access AWS […] Create an IAM user for yourself […], give that IAM user administrative privileges, and use that IAM user for all your work.
The root account credentials are the email address and password that you used when you first registered for AWS. These credentials have the ultimate authority to create and delete IAM users, change billing, close the account, and perform all other actions on your AWS account.
You can create a separate IAM user with near-full permissions for use when you need to perform admin tasks, instead of using the AWS root account. If the credentials for the admin IAM user are compromised, you can use the AWS root account to disable those credentials to prevent further harm, and create new credentials for ongoing use.
However, if the credentials for your AWS root account are compromised, the person who stole them can take over complete control of your account, change the associated email address, and lock you out.
I have consulted companies who lost control over the root AWS account which contained their assets. You want to avoid this.
The AWS root account is not required for regular use as long as you have created an IAM user with admin privileges
Amazon recommends not using your AWS root account
You can’t accidentally expose your AWS root account password if you don’t know it and haven’t saved it anywhere
You can always reset your AWS root account password as long as you have access to the email address associated with the account
Consider this approach to improving security: