When you create an AWS account, the root user has full access to all AWS services and resources, so using it for everyday work is not recommended. We will create a new user with admin privileges and use that user for the rest of the documentation.

We could have automatically created a new user with admin privileges using AWS CDK, but it would require root account credentials. We want to avoid that for security reasons.

Never create access keys for the root user. If these credentials are exposed, attackers can gain complete control of your AWS account, resources, and billing.

Read the best practices to protect your account’s root user (don’t worry, it’s short).

Enable MFA on your root account.

Use free authenticator apps like Google Authenticator or Microsoft Authenticator for MFA.

You can enable MFA by following the steps here.
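One way to verify both recommendations above (no root access keys, MFA enabled), as an added example that is not part of the original guide: it audits the `<root_account>` row of an IAM credential report, which you can fetch with `aws iam generate-credential-report` followed by `aws iam get-credential-report` (the `Content` field is base64-encoded CSV). The sample report, the account ID and the `recent_days` threshold are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample report, trimmed to the columns this check reads.
# The account ID and timestamps are made up.
SAMPLE_REPORT = """\
user,arn,password_last_used,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,2024-05-01T10:00:00+00:00,false,true,false
admin,arn:aws:iam::111122223333:user/admin,2024-05-02T09:30:00+00:00,true,false,false
"""

ROOT_USER = "<root_account>"  # name of the root row in the credential report


def audit_root(report_csv, now=None, recent_days=7):
    """Return a list of findings for the root row (empty list means clean).

    recent_days is an assumed threshold for flagging root console sign-ins.
    """
    now = now or datetime.now(timezone.utc)
    rows = csv.DictReader(io.StringIO(report_csv))
    root = next((r for r in rows if r.get("user") == ROOT_USER), None)
    if root is None:
        return ["root row not found in report; nothing could be verified"]

    findings = []
    # Fail closed: anything other than an explicit "true" counts as no MFA.
    if (root.get("mfa_active") or "").lower() != "true":
        findings.append("root user has no MFA enabled")
    # Fail closed: anything other than an explicit "false" counts as a key.
    for col in ("access_key_1_active", "access_key_2_active"):
        if (root.get(col) or "").lower() != "false":
            findings.append(f"root access key present or unknown ({col})")
    # The field holds a timestamp, or a marker such as "no_information".
    try:
        last_used = datetime.fromisoformat(root.get("password_last_used") or "")
    except ValueError:
        last_used = None
    if last_used and last_used.tzinfo is None:
        last_used = last_used.replace(tzinfo=timezone.utc)  # assume UTC
    if last_used and now - last_used < timedelta(days=recent_days):
        findings.append(f"root signed in within the last {recent_days} days")
    return findings


if __name__ == "__main__":
    for finding in audit_root(SAMPLE_REPORT) or ["root user: no findings"]:
        print(finding)
```

An empty result means the root row shows MFA enabled, no access keys, and no recent console sign-in.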

Now that we have secured the root account, in the next step we will create a new account where we will deploy the self-hosted Email Kit.