It is recommended to avoid using the root user (and, in multi-account scenarios, the root account) except where it is strictly necessary.
The recommendation is to use a centralized user repository such as AWS Directory Service (Active Directory / Simple AD), Active Directory on EC2, Okta, Ping Identity, Azure Active Directory, or OneLogin. If you don't currently have a user repository, it is preferable to use IAM users rather than root until the directory is implemented. Keep in mind, however, that IAM users are not a best practice: they may not be removed when the employee is terminated, and the access keys associated with IAM users are durable credentials that you have to rotate periodically.
It is advisable to audit your root account usage via AWS CloudTrail and generate usage alerts with Amazon Simple Notification Service (SNS) notifications.
Additional details can be found in the documentation.
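The root-usage audit recommended above, as an added example that is not part of the original page: it applies the root-activity filter from the CIS AWS Foundations Benchmark to CloudTrail records and builds the Subject/Message pairs that would be published to an SNS topic. The sample events, account ID, IP addresses and function names are constructed for illustration.

```python
import json

# Constructed sample CloudTrail records (not real events); account ID and IPs are placeholders.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-10T09:15:02Z", "eventType": "AwsConsoleSignIn",
     "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "sourceIPAddress": "203.0.113.10", "recipientAccountId": "111122223333",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-01-10T09:20:41Z", "eventType": "AwsApiCall",
     "eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
     "sourceIPAddress": "203.0.113.10", "recipientAccountId": "111122223333",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
    {"eventTime": "2024-01-10T10:02:13Z", "eventType": "AwsApiCall",
     "eventSource": "s3.amazonaws.com", "eventName": "ListBuckets",
     "sourceIPAddress": "198.51.100.7", "recipientAccountId": "111122223333",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2024-01-10T11:30:00Z", "eventType": "AwsServiceEvent",
     "eventSource": "kms.amazonaws.com", "eventName": "RotateKey",
     "recipientAccountId": "111122223333",
     "userIdentity": {"type": "Root", "invokedBy": "AWS Internal"}},
]})

def is_root_activity(event):
    """True when root credentials were used directly, not by an AWS service on the account's behalf."""
    identity = event.get("userIdentity", {})
    return (identity.get("type") == "Root"
            and "invokedBy" not in identity
            and event.get("eventType") != "AwsServiceEvent")

def root_alerts(log_text):
    """Return one SNS-ready alert (Subject/Message) per root-user event in a CloudTrail log file."""
    alerts = []
    for event in json.loads(log_text).get("Records", []):
        if not is_root_activity(event):
            continue
        account = event.get("recipientAccountId", "unknown")
        alerts.append({
            "Subject": f"Root user activity in account {account}",
            "Message": json.dumps({k: event.get(k) for k in
                ("eventTime", "eventSource", "eventName", "sourceIPAddress")}, sort_keys=True),
        })
    return alerts

if __name__ == "__main__":
    for alert in root_alerts(SAMPLE_LOG):
        print(alert["Subject"], alert["Message"])
```

The service-initiated event and the IAM user call are ignored, so only the console login and the access-key creation made with root credentials raise alerts.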