I wholeheartedly agree. IAM has been readily available to provision individual users on the AWS accounts for quite some time now. Sharing access to the root account is a bad practice.
Ideally, the root account should have MFA enabled, all root access keys should be deleted, and individual users should have their own usernames provisioned via IAM with the principle of least privilege applied.
Ideally, the root account should have MFA enabled, all root access keys should be deleted, and individual users should have their own usernames provisioned via IAM with the principle of least privilege applied.