AWS account root user - AWS Identity and Access Management
<!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" lang="en-US"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>AWS account root user - AWS Identity and Access Management</title><meta name="viewport" content="width=device-width,initial-scale=1" /><meta name="assets_root" content="/assets" /><meta name="target_state" content="id_root-user" /><meta name="default_state" content="id_root-user" /><link rel="icon" type="image/ico" href="/assets/images/favicon.ico" /><link rel="shortcut icon" type="image/ico" href="/assets/images/favicon.ico" /><link rel="canonical" href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html" /><meta name="description" content="Manage the root user for an AWS account, including changing its password, and creating and removing access keys." /><meta name="deployment_region" content="IAD" /><meta name="product" content="AWS Identity and Access Management" /><meta name="guide" content="User Guide" /><meta name="abstract" content="Control access to your AWS resources with user identity (authentication) and with policies that define specific permissions (authorization)." 
/><meta name="guide-locale" content="en_us" /><meta name="tocs" content="toc-contents.json" /><link rel="canonical" href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html" /><link rel="alternative" href="https://docs.aws.amazon.com/id_id/IAM/latest/UserGuide/id_root-user.html" hreflang="id-id" /><link rel="alternative" href="https://docs.aws.amazon.com/id_id/IAM/latest/UserGuide/id_root-user.html" hreflang="id" /><link rel="alternative" href="https://docs.aws.amazon.com/de_de/IAM/latest/UserGuide/id_root-user.html" hreflang="de-de" /><link rel="alternative" href="https://docs.aws.amazon.com/de_de/IAM/latest/UserGuide/id_root-user.html" hreflang="de" /><link rel="alternative" href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html" hreflang="en-us" /><link rel="alternative" href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html" hreflang="en" /><link rel="alternative" href="https://docs.aws.amazon.com/es_es/IAM/latest/UserGuide/id_root-user.html" hreflang="es-es" /><link rel="alternative" href="https://docs.aws.amazon.com/es_es/IAM/latest/UserGuide/id_root-user.html" hreflang="es" /><link rel="alternative" href="https://docs.aws.amazon.com/fr_fr/IAM/latest/UserGuide/id_root-user.html" hreflang="fr-fr" /><link rel="alternative" href="https://docs.aws.amazon.com/fr_fr/IAM/latest/UserGuide/id_root-user.html" hreflang="fr" /><link rel="alternative" href="https://docs.aws.amazon.com/it_it/IAM/latest/UserGuide/id_root-user.html" hreflang="it-it" /><link rel="alternative" href="https://docs.aws.amazon.com/it_it/IAM/latest/UserGuide/id_root-user.html" hreflang="it" /><link rel="alternative" href="https://docs.aws.amazon.com/ja_jp/IAM/latest/UserGuide/id_root-user.html" hreflang="ja-jp" /><link rel="alternative" href="https://docs.aws.amazon.com/ja_jp/IAM/latest/UserGuide/id_root-user.html" hreflang="ja" /><link rel="alternative" href="https://docs.aws.amazon.com/ko_kr/IAM/latest/UserGuide/id_root-user.html" 
hreflang="ko-kr" /><link rel="alternative" href="https://docs.aws.amazon.com/ko_kr/IAM/latest/UserGuide/id_root-user.html" hreflang="ko" /><link rel="alternative" href="https://docs.aws.amazon.com/pt_br/IAM/latest/UserGuide/id_root-user.html" hreflang="pt-br" /><link rel="alternative" href="https://docs.aws.amazon.com/pt_br/IAM/latest/UserGuide/id_root-user.html" hreflang="pt" /><link rel="alternative" href="https://docs.aws.amazon.com/zh_cn/IAM/latest/UserGuide/id_root-user.html" hreflang="zh-cn" /><link rel="alternative" href="https://docs.aws.amazon.com/zh_tw/IAM/latest/UserGuide/id_root-user.html" hreflang="zh-tw" /><link rel="alternative" href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html" hreflang="x-default" /><meta name="feedback-item" content="IAM" /><meta name="this_doc_product" content="AWS Identity and Access Management" /><meta name="this_doc_guide" content="User Guide" /><script defer="" src="/assets/r/vendor4.js?version=2021.12.02"></script><script defer="" src="/assets/r/vendor3.js?version=2021.12.02"></script><script defer="" src="/assets/r/vendor1.js?version=2021.12.02"></script><script defer="" src="/assets/r/awsdocs-common.js?version=2021.12.02"></script><script defer="" src="/assets/r/awsdocs-doc-page.js?version=2021.12.02"></script><link href="/assets/r/vendor4.css?version=2021.12.02" rel="stylesheet" /><link href="/assets/r/awsdocs-common.css?version=2021.12.02" rel="stylesheet" /><link href="/assets/r/awsdocs-doc-page.css?version=2021.12.02" rel="stylesheet" /><script async="" id="awsc-panorama-bundle" type="text/javascript" src="https://prod.pa.cdn.uis.awsstatic.com/panorama-nav-init.js" data-config="{'appEntity':'aws-documentation','region':'us-east-1','service':'iam'}"></script><meta id="panorama-serviceSubSection" value="User Guide" /><meta id="panorama-serviceConsolePage" value="AWS account root user" /></head><body class="awsdocs awsui"><div 
class="awsdocs-container"><awsdocs-header></awsdocs-header><awsui-app-layout id="app-layout" class="awsui-util-no-gutters" ng-controller="ContentController as $ctrl" header-selector="awsdocs-header" navigation-hide="false" navigation-width="$ctrl.navWidth" navigation-open="$ctrl.navOpen" navigation-change="$ctrl.onNavChange($event)" tools-hide="$ctrl.hideTools" tools-width="$ctrl.toolsWidth" tools-open="$ctrl.toolsOpen" tools-change="$ctrl.onToolsChange($event)"><div id="guide-toc" dom-region="navigation"><awsdocs-toc></awsdocs-toc></div><div id="main-column" dom-region="content" tabindex="-1"><awsdocs-view class="awsdocs-view"><div id="awsdocs-content"><head><title>AWS account root user - AWS Identity and Access Management</title><meta name="pdf" content="/pdfs/IAM/latest/UserGuide/iam-ug.pdf#id_root-user" /><meta name="rss" content="aws-iam-release-notes.rss" /><meta name="forums" content="https://repost.aws/tags/TAO7Z4bI5hQVWMiYFs34QhIA" /><meta name="feedback" content="https://docs.aws.amazon.com/forms/aws-doc-feedback?hidden_service_name=IAM&topic_url=https://docs.aws.amazon.com/en_us/IAM/latest/UserGuide/id_root-user.html" /><meta name="feedback-yes" content="feedbackyes.html?topic_url=https://docs.aws.amazon.com/en_us/IAM/latest/UserGuide/id_root-user.html" /><meta name="feedback-no" content="feedbackno.html?topic_url=https://docs.aws.amazon.com/en_us/IAM/latest/UserGuide/id_root-user.html" /><meta name="keywords" content="IAM,AWS Identity and Access Management,IAM user,user,IAM group,group,IAM role,role,permission policy,trust policy,policy,access key,password,AWS root user" /><script type="application/ld+json"> { "@context" : "https://schema.org", "@type" : "BreadcrumbList", "itemListElement" : [ { "@type" : "ListItem", "position" : 1, "name" : "AWS", "item" : "https://aws.amazon.com" }, { "@type" : "ListItem", "position" : 2, "name" : "AWS Identity and Access Management", "item" : "https://docs.aws.amazon.com/iam/index.html" }, { "@type" : "ListItem", 
"position" : 3, "name" : "User Guide", "item" : "https://docs.aws.amazon.com/IAM/latest/UserGuide" }, { "@type" : "ListItem", "position" : 4, "name" : "IAM Identities", "item" : "https://docs.aws.amazon.com/IAM/latest/UserGuide/id.html" }, { "@type" : "ListItem", "position" : 5, "name" : "AWS account root user", "item" : "https://docs.aws.amazon.com/IAM/latest/UserGuide/id.html" } ] } </script></head><body><div id="main"><div style="display: none"><a href="/pdfs/IAM/latest/UserGuide/iam-ug.pdf#id_root-user" target="_blank" rel="noopener noreferrer" title="Open PDF"></a></div><div id="breadcrumbs" class="breadcrumb"><a href="/index.html">Documentation</a><a href="/iam/index.html">AWS Identity and Access Management</a><a href="introduction.html">User Guide</a></div><div id="page-toc-src"><a href="#id_root-user-access-management">Centrally manage root access for member accounts</a><a href="#id_root-user-resources">Additional resources</a><a href="#root-user-tasks">Tasks that require root user credentials</a><a href="#id_root-user_related_information">Related information</a></div><div id="main-content" class="awsui-util-container"><div id="main-col-body"><awsdocs-language-banner data-service="$ctrl.pageService"></awsdocs-language-banner><h1 class="topictitle" id="id_root-user">AWS account root user</h1><div class="awsdocs-page-header-container"><awsdocs-page-header></awsdocs-page-header><awsdocs-filter-selector id="awsdocs-filter-selector"></awsdocs-filter-selector></div><p>When you first create an Amazon Web Services (AWS) account, the email address and password you provide are the credentials for your root user, which has access to all AWS services and resources in the account.</p><div class="itemizedlist"> <ul class="itemizedlist"><li class="listitem"> <p>Use the root user only to perform the tasks that require root-level permissions. 
For the complete list of tasks that require you to sign in as the root user, see <a href="#root-user-tasks">Tasks that require root user credentials</a>. </p> </li><li class="listitem"> <p>Follow the <a href="./root-user-best-practices.html">root user best practices for your AWS account</a>.</p> </li><li class="listitem"> <p>If you're having trouble signing in, see <a href="https://docs.aws.amazon.com/signin/latest/userguide/console-sign-in-tutorials.html">Sign in to the AWS Management Console</a>.</p> </li></ul></div><p>When you first create an Amazon Web Services (AWS) account, you begin with a single sign-in identity that has complete access to all AWS services and resources in the account. This identity is called the AWS account <em>root user</em> and is accessed by signing in with the email address and password that you used to create the account.</p><div class="awsdocs-note awsdocs-important"><div class="awsdocs-note-title"><awsui-icon name="status-warning" variant="error"></awsui-icon><h6>Important</h6></div><div class="awsdocs-note-text"><p>We strongly recommend that you don't use the root user for your everyday tasks and that you follow the <a href="./root-user-best-practices.html">root user best practices for your AWS account</a>. Safeguard your root user credentials and use them to perform the tasks that only the root user can perform. For the complete list of tasks that require you to sign in as the root user, see <a href="#root-user-tasks">Tasks that require root user credentials</a>. </p></div></div><p>While MFA is enforced for root users by default, it requires customer action to add MFA during the initial account creation or as prompted during sign-in. 
For more information about using MFA to protect the root user, see <a href="./enable-mfa-for-root.html">Multi-factor authentication for AWS account root user</a>.</p> <h2 id="id_root-user-access-management">Centrally manage root access for member accounts</h2> <p>To help you manage credentials at scale, you can centrally secure access to root user credentials for member accounts in AWS Organizations. When you enable AWS Organizations, you combine all your AWS accounts into an organization for central management. Centralizing root access lets you remove root user credentials and perform the following privileged tasks on member accounts.</p> <div class="variablelist"> <dl> <dt><b><span class="term">Remove member account root user credentials</span></b></dt> <dd> <p>After you <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-enable-root-access.html">centralize root access for member accounts</a>, you can choose to delete root user credentials from member accounts in your Organizations. You can remove the root user password, access keys, signing certificates, and deactivate multi-factor authentication (MFA). New accounts you create in Organizations have no root user credentials by default. Member accounts can't sign in to their root user or perform password recovery for their root user unless account recovery is enabled.</p> </dd> <dt><b><span class="term">Perform privileged tasks that require root user credentials</span></b></dt> <dd> <p>Some tasks can only be performed when you sign in as the root user of an account. Some of these <a href="#root-user-tasks">Tasks that require root user credentials</a> can be performed by the management account or delegated administrator for IAM. 
To learn more about taking privileged actions on member accounts, see <a href="./id_root-user-privileged-task.html">Perform a privileged task</a>.</p> </dd> <dt><b><span class="term">Enable account recovery of the root user</span></b></dt> <dd> <p>If you need to recover root user credentials for a member account, the Organizations management account or delegated administrator can perform the <b>Allow password recovery</b> privileged task. The person with access to the root user email inbox for the member account can <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reset-root-password.html">reset the root user password</a> to recover root user credentials. We recommend deleting root user credentials once you complete the task that requires access to the root user.</p> </dd> </dl></div> <h2 id="id_root-user-resources">Additional resources</h2> <p>For more information about the AWS root user, see the following resources:</p> <div class="itemizedlist"> <ul class="itemizedlist"><li class="listitem"> <p>For help with root user issues, see <a href="./troubleshooting_root-user.html">Troubleshoot issues with the root user</a>.</p> </li><li class="listitem"> <p>To centrally manage root user email addresses in Organizations, see <a href="https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_update_primary_email.html">Updating the root user email address for a member account</a> in the <em>AWS Organizations User Guide</em>.</p> </li></ul></div> <h2 id="root-user-tasks">Tasks that require root user credentials</h2> <p>We recommend that you <a href="https://docs.aws.amazon.com/singlesignon/latest/userguide/getting-started.html">configure an administrative user in AWS IAM Identity Center</a> to perform daily tasks and access AWS resources. 
However, you can perform the tasks listed below only when you sign in as the root user of an account.</p> <p>To simplify managing privileged root user credentials across member accounts in AWS Organizations, you can enable centralized root access to help you centrally secure highly privileged access to your AWS accounts. <a href="#id_root-user-access-management">Centrally manage root access for member accounts</a> lets you centrally remove and prevent long-term root user credential recovery, improving account security in your organization. After you enable this feature, you can perform the following privileged tasks on member accounts.</p> <div class="itemizedlist"> <ul class="itemizedlist"><li class="listitem"> <p>Remove member account root user credentials to prevent account recovery of the root user. You can also allow password recovery to recover root user credentials for a member account.</p> </li><li class="listitem"> <p>Remove a misconfigured bucket policy that denies all principals from accessing an Amazon S3 bucket.</p> </li><li class="listitem"> <p>Delete an Amazon Simple Queue Service resource-based policy that denies all principals from accessing an Amazon SQS queue.</p> </li></ul></div> <div class="itemizedlist"> <h6>Account Management Tasks</h6> <ul class="itemizedlist"><li class="listitem"> <p><a href="https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html">Change your account settings.</a> This includes the account name, email address, root user password, and root user access keys. 
Other account settings, such as contact information, payment currency preference, and AWS Regions, don't require root user credentials.</p> </li><li class="listitem"> <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-edit.html">Restore IAM user permissions.</a> If the only IAM administrator accidentally revokes their own permissions, you can sign in as the root user to edit policies and restore those permissions.</p> </li><li class="listitem"> <p><a href="https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/close-account.html">Close your AWS account</a>.</p> <p>For more information, see the following topics:</p> <div class="itemizedlist"> <ul class="itemizedlist"><li class="listitem"> <p><a href="https://aws.amazon.com/premiumsupport/knowledge-center/transfer-aws-account/" rel="noopener noreferrer" target="_blank"><span>How do I assign ownership of my AWS account to another entity?</span><awsui-icon class="awsdocs-link-icon" name="external"></awsui-icon></a>.</p> </li><li class="listitem"> <p><a href="https://aws.amazon.com/premiumsupport/knowledge-center/close-aws-account/" rel="noopener noreferrer" target="_blank"><span>How do I close my AWS account?</span><awsui-icon class="awsdocs-link-icon" name="external"></awsui-icon></a>.</p> </li><li class="listitem"> <p><a href="https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-closing.html">Close a standalone AWS account</a>.</p> </li></ul></div> </li></ul></div> <div class="itemizedlist"> <h6>Billing Tasks</h6> <ul class="itemizedlist"><li class="listitem"> <p><a href="https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/control-access-billing.html#ControllingAccessWebsite-Activate">Activate IAM access to the Billing and Cost Management console</a>.</p> </li><li class="listitem"> <p>Some Billing tasks are limited to the root user. 
See <a href="https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-account-payment.html">Managing an AWS account</a> in the <em>AWS Billing User Guide</em> for more information.</p> </li><li class="listitem"> <p>View certain tax invoices. An IAM user with the <a href="https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions">aws-portal:ViewBilling</a> permission can view and download VAT invoices from AWS Europe, but not AWS Inc. or Amazon Internet Services Private Limited (AISPL).</p> </li></ul></div> <div class="itemizedlist"> <h6>AWS GovCloud (US) Tasks</h6> <ul class="itemizedlist"><li class="listitem"> <p><a href="https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/getting-started-sign-up.html">Sign up for AWS GovCloud (US)</a>.</p> </li><li class="listitem"> <p>Request AWS GovCloud (US) account root user access keys from AWS Support.</p> </li></ul></div> <div class="itemizedlist"> <h6>Amazon EC2 Task</h6> <ul class="itemizedlist"><li class="listitem"> <p><a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html">Register as a seller</a> in the Reserved Instance Marketplace.</p> </li></ul></div> <div class="itemizedlist"> <h6>AWS KMS Task</h6> <ul class="itemizedlist"><li class="listitem"> <p>If an AWS Key Management Service key becomes unmanageable, an administrator can recover it by contacting Support; however, Support responds to your root user's primary phone number for authorization by confirming the ticket OTP.</p> </li></ul></div> <div class="itemizedlist"> <h6>Amazon Mechanical Turk Task</h6> <ul class="itemizedlist"><li class="listitem"> <p> <a href="https://docs.aws.amazon.com/AWSMechTurk/latest/AWSMechanicalTurkGettingStartedGuide/SetUp.html#accountlinking">Link your AWS account to your MTurk Requester account</a>.</p> </li></ul></div> <div class="itemizedlist"> <h6>Amazon Simple Storage Service Tasks</h6> <ul class="itemizedlist"><li class="listitem">
<p><a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/MultiFactorAuthenticationDelete.html">Configure an Amazon S3 bucket to enable MFA (multi-factor authentication)</a>.</p> </li><li class="listitem"> <p><a href="https://aws.amazon.com/premiumsupport/knowledge-center/change-vpc-endpoint-s3-bucket-policy/" rel="noopener noreferrer" target="_blank"><span>Edit or delete an Amazon S3 bucket policy that denies all principals</span><awsui-icon class="awsdocs-link-icon" name="external"></awsui-icon></a>.</p> <p>You can use privileged actions to unlock an Amazon S3 bucket with a misconfigured bucket policy. For details, see <a href="./id_root-user-privileged-task.html">Perform a privileged task on an AWS Organizations member account</a>.</p> </li></ul></div> <div class="itemizedlist"> <h6>Amazon Simple Queue Service Task</h6> <ul class="itemizedlist"><li class="listitem"> <p><a href="https://aws.amazon.com/premiumsupport/knowledge-center/sqs-queue-access-issues-deny-policy" rel="noopener noreferrer" target="_blank"><span>Edit or delete an Amazon SQS resource-based policy that denies all principals</span><awsui-icon class="awsdocs-link-icon" name="external"></awsui-icon></a>.</p> <p>You can use privileged actions to unlock an Amazon SQS queue with a misconfigured resource-based policy. 
For details, see <a href="./id_root-user-privileged-task.html">Perform a privileged task on an AWS Organizations member account</a>.</p> </li></ul></div> <h2 id="id_root-user_related_information">Related information</h2> <p>The following articles provide additional information about working with the root user.</p> <div class="itemizedlist"> <ul class="itemizedlist"><li class="listitem"> <p><a href="https://repost.aws/knowledge-center/security-best-practices" rel="noopener noreferrer" target="_blank"><span>What are some best practices for securing my AWS account and its resources?</span><awsui-icon class="awsdocs-link-icon" name="external"></awsui-icon></a></p> </li><li class="listitem"> <p><a href="https://repost.aws/knowledge-center/root-user-account-eventbridge-rule" rel="noopener noreferrer" target="_blank"><span>How can I create an EventBridge event rule to notify me that my root user was used?</span><awsui-icon class="awsdocs-link-icon" name="external"></awsui-icon></a> </p> </li><li class="listitem"> <p><a href="https://aws.amazon.com/blogs/mt/monitor-and-notify-on-aws-account-root-user-activity/" rel="noopener noreferrer" target="_blank"><span>Monitor and notify on AWS account root user activity</span><awsui-icon class="awsdocs-link-icon" name="external"></awsui-icon></a> </p> </li><li class="listitem"> <p><a href="https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/monitor-iam-root-user-activity.html">Monitor IAM root user activity</a> </p> </li></ul></div> <awsdocs-copyright class="copyright-print"></awsdocs-copyright><awsdocs-thumb-feedback right-edge="{{$ctrl.thumbFeedbackRightEdge}}"></awsdocs-thumb-feedback></div><noscript><div><div><div><div id="js_error_message"><p><img src="https://d1ge0kk1l5kms0.cloudfront.net/images/G/01/webservices/console/warning.png" alt="Warning" /> <strong>Javascript is disabled or is unavailable in your browser.</strong></p><p>To use the Amazon Web Services Documentation, Javascript must be enabled. 
Please refer to your browser's Help pages for instructions.</p></div></div></div></div></noscript><div id="main-col-footer" class="awsui-util-font-size-0"><div id="doc-conventions"><a target="_top" href="/general/latest/gr/docconventions.html">Document Conventions</a></div><div class="prev-next"><div id="previous" class="prev-link" accesskey="p" href="./id.html">Identities</div><div id="next" class="next-link" accesskey="n" href="./id_root-enable-root-access.html">Centralize root access</div></div></div><awsdocs-page-utilities></awsdocs-page-utilities></div><div id="quick-feedback-yes" style="display: none;"><div class="title">Did this page help you? - Yes</div><div class="content"><p>Thanks for letting us know we're doing a good job!</p><p>If you've got a moment, please tell us what we did right so we can do more of it.</p><p><awsui-button id="fblink" rel="noopener noreferrer" target="_blank" text="Feedback" click="linkClick($event)" href="https://docs.aws.amazon.com/forms/aws-doc-feedback?hidden_service_name=IAM&topic_url=https://docs.aws.amazon.com/en_us/IAM/latest/UserGuide/id_root-user.html"></awsui-button></p></div></div><div id="quick-feedback-no" style="display: none;"><div class="title">Did this page help you? - No</div><div class="content"><p>Thanks for letting us know this page needs work. 
We're sorry we let you down.</p><p>If you've got a moment, please tell us how we can make the documentation better.</p><p><awsui-button id="fblink" rel="noopener noreferrer" target="_blank" text="Feedback" click="linkClick($event)" href="https://docs.aws.amazon.com/forms/aws-doc-feedback?hidden_service_name=IAM&topic_url=https://docs.aws.amazon.com/en_us/IAM/latest/UserGuide/id_root-user.html"></awsui-button></p></div></div></div></body></div></awsdocs-view><div class="page-loading-indicator" id="page-loading-indicator"><awsui-spinner size="large"></awsui-spinner></div></div><div id="tools-panel" dom-region="tools"><awsdocs-tools-panel id="awsdocs-tools-panel"></awsdocs-tools-panel></div></awsui-app-layout><awsdocs-cookie-banner class="doc-cookie-banner"></awsdocs-cookie-banner></div></body></html>
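<p>An added example, not part of the AWS documentation or AWS's own code: a check of the root user row in a decoded IAM credential report (the CSV returned by <code>aws iam get-credential-report</code>) against the states described above, covering a member account whose root credentials should have been removed and any other account whose root user should have MFA and see no everyday use. The function names, the <code>recent_days</code> threshold, and the rule that flags active root access keys and signing certificates on non-member accounts are assumptions of this example; the sample report is constructed.</p>

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the IAM credential report CSV layout. Only the columns
# this check reads are included; a real report has more columns.
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_2_active,cert_1_active,cert_2_active
<root_account>,arn:aws:iam::111122223333:root,true,2024-05-01T09:30:00+00:00,false,true,false,false,false
alice,arn:aws:iam::111122223333:user/alice,true,2024-05-20T12:00:00+00:00,true,false,false,false,false
"""

KEY_AND_CERT_COLUMNS = ("access_key_1_active", "access_key_2_active",
                        "cert_1_active", "cert_2_active")


def _is_true(row, column):
    # Anything other than "true" (false, N/A, not_supported, missing) counts as absent.
    return (row.get(column) or "").strip().lower() == "true"


def _root_row(report_csv):
    # The credential report lists the root user under the name "<root_account>".
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] == "<root_account>":
            return row
    raise ValueError("credential report has no <root_account> row")


def audit_root(report_csv, centralized_member, now, recent_days=30):
    """Return a list of findings for the root user row of a credential report.

    centralized_member=True: the account is an Organizations member whose root
    credentials were removed, so any password, MFA device, access key or
    signing certificate still present is a finding.
    centralized_member=False: flag standing keys/certificates, a password with
    no MFA, and a console sign-in within recent_days (hypothetical threshold).
    """
    row = _root_row(report_csv)
    if centralized_member:
        columns = ("password_enabled", "mfa_active") + KEY_AND_CERT_COLUMNS
        return [f"member root credential still present: {c}"
                for c in columns if _is_true(row, c)]

    findings = [f"active root credential: {c}"
                for c in KEY_AND_CERT_COLUMNS if _is_true(row, c)]
    if _is_true(row, "password_enabled") and not _is_true(row, "mfa_active"):
        findings.append("root password without MFA")
    try:
        last_used = datetime.fromisoformat(row.get("password_last_used") or "")
    except ValueError:
        last_used = None  # e.g. "no_information" or "N/A"
    if last_used is not None:
        if last_used.tzinfo is None:
            last_used = last_used.replace(tzinfo=timezone.utc)
        days = (now - last_used).days
        if 0 <= days <= recent_days:
            findings.append(f"root console sign-in {days} days ago")
    return findings


if __name__ == "__main__":
    for finding in audit_root(SAMPLE_REPORT, False, datetime.now(timezone.utc)):
        print(finding)
```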