> ## Documentation Index
> Fetch the complete documentation index at: https://docs.maildiver.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Step 2: Protect your root account

> Protect your root account

When you create an AWS account, the root user has full access to all AWS services and resources, which is not recommended. We will create a new user with admin privileges and use that user to continue with the rest of the documentation.

<Note>
  We could have automatically created a new user with admin privileges using AWS
  CDK, but it would require root account credentials. We want to avoid that for
  security reasons.
</Note>

<Warning>
  **Never create access keys for the root user**. If these credentials are
  exposed, attackers can gain complete control of your AWS account, resources,
  and billing.
</Warning>

[Read best practices to protect your account's root user](https://docs.aws.amazon.com/accounts/latest/reference/best-practices-root-user.html)(Don't worry, it's short)

## Enable MFA on your root account.

<Tip>
  Use free authenticator apps like [Google
  Authenticator](https://support.google.com/accounts/answer/1066447?hl=en) or
  [Microsoft
  Authenticator](https://www.microsoft.com/en-us/security/mobile-authenticator-app)
  for MFA.
</Tip>

You can enable MFA by following the steps [here](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html#enable-virt-mfa-for-root).

As we secured the root account, in the next step, we will create a new account where we will deploy the self-hosted Email Kit.