<aside>
The Root user account is the ultimate identity for account control and the original account owner created when AWS account is first set up, it has unrestricted and complete access to every service and resource in the account. This user can perform every action including sensitive operations like account settings, billing management or account closing.
However the Root user is not meant for everyday use due to the significant security risks if it’s compromised, it should only be used for account specific tasks and protected with strong security measures such as MFA
IAM User on the other hand is a secondary account created within AWS account. This user can be granted only the permission they need for day-to-day tasks (using the principle of least privilege), The IAM user helps limit the risk if one user’s credentials gets compromised because access is restricted to only the resources and actions specified.
Create and manage IAM users and roles for all routine activities