
IAM Root User Access Key Rule

This rule checks that no access key exists for the IAM root user, removing a credential whose compromise would give full control of the account.

Rule: IAM root user access key should not exist
Framework: AWS Foundational Security Best Practices
Severity: Critical

Rule Description:

According to AWS Foundational Security Best Practices, it is recommended that the root user access key is disabled or deleted in order to enhance security. The root user has unrestricted access to all resources and actions within an AWS account, making it a high-value target for potential attackers. Having an active access key for the root user increases the risk of unauthorized access or misuse of the account.

Troubleshooting Steps:

  1. Log in to the AWS Management Console using your root user credentials.
  2. Navigate to the IAM service.
  3. Click on "Users" in the left-hand menu.
  4. Search for the root user in the list of users.
  5. Verify if the root user has an access key associated with it.
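As an added example (not part of the Cloud Defense page or of AWS's tooling), the following Python evaluates this rule offline from two IAM data sources a defender can export with the AWS CLI: the credential report (`aws iam get-credential-report`, whose root row is named `<root_account>`) and the account summary (`aws iam get-account-summary`, whose `AccountAccessKeysPresent` value is 1 when the root user has an access key). The CSV rows and the summary map below are constructed samples, trimmed to the columns the check uses; the function and variable names are this example's own.

```python
"""
Offline evaluation of "IAM root user access key should not exist".

Added example, not Cloud Defense's or AWS's code. Inputs mirror two real
IAM exports:
  * credential report: aws iam get-credential-report --query Content --output text | base64 -d
  * account summary:   aws iam get-account-summary
"""
import csv
import io

# Constructed sample credential report (real column names, reduced to the
# columns this check reads). The root user appears as <root_account>.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,2019-01-01T00:00:00+00:00,true,true,true,2019-01-01T00:00:00+00:00,false,N/A
alice,arn:aws:iam::123456789012:user/alice,2020-01-01T00:00:00+00:00,true,true,true,2023-06-01T00:00:00+00:00,false,N/A
"""

# Constructed subset of the SummaryMap returned by get-account-summary.
SAMPLE_SUMMARY = {"AccountAccessKeysPresent": 1, "AccountMFAEnabled": 1, "Users": 1}

ROOT_USER = "<root_account>"
KEY_SLOTS = ("access_key_1", "access_key_2")


def root_active_keys_from_report(report_csv: str) -> list[str]:
    """Return the root access-key slots marked active in a credential report."""
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row.get("user") != ROOT_USER:
            continue
        return [slot for slot in KEY_SLOTS
                if (row.get(f"{slot}_active") or "").strip().lower() == "true"]
    # Every credential report carries a root row; its absence means the
    # export is incomplete, so refuse to evaluate rather than report a pass.
    raise ValueError("credential report has no <root_account> row")


def root_keys_present_from_summary(summary: dict) -> bool:
    """AccountAccessKeysPresent is 1 when the root user has any access key."""
    return int(summary.get("AccountAccessKeysPresent", 0)) == 1


def evaluate(report_csv: str, summary: dict) -> dict:
    """Combine both sources. The rule passes only when no root key exists at
    all: a key made inactive (remediation Option 1) no longer shows as active
    in the report but still counts as present in the account summary."""
    active = root_active_keys_from_report(report_csv)
    present = root_keys_present_from_summary(summary)
    status = "PASS" if not present and not active else "FAIL"
    return {"status": status, "active_root_keys": active, "root_keys_present": present}


if __name__ == "__main__":
    print(evaluate(SAMPLE_REPORT, SAMPLE_SUMMARY))
```

Run it against a real export by replacing the two constructed samples with the decoded report text and the `SummaryMap` from the CLI output; a `FAIL` with an empty `active_root_keys` list means a root key was disabled but not deleted, which is the case Option 2 below resolves.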

Remediation Steps:

Option 1: Disabling the Root User Access Key

  1. Select the root user from the list of users.
  2. Click on the "Security credentials" tab.
  3. Under "Access keys", locate the active access key and click on the "Make inactive" button.
  4. This action will disable the access key for the root user.

Option 2: Deleting the Root User Access Key

  1. Select the root user from the list of users.
  2. Click on the "Security credentials" tab.
  3. Under "Access keys", locate the active access key and click on the "Delete" button.
  4. Confirm the deletion when prompted.

Security Codes (if applicable):

N/A

CLI Command for Disabling the Root User Access Key:

aws iam update-access-key --user-name <root_user_name> --access-key-id <access_key_id> --status Inactive

Replace <root_user_name> with the actual root user name and <access_key_id> with the access key ID associated with the root user.

CLI Command for Deleting the Root User Access Key:

aws iam delete-access-key --user-name <root_user_name> --access-key-id <access_key_id>

Replace <root_user_name> with the actual root user name and <access_key_id> with the access key ID associated with the root user.

Note:

It is important to ensure that you have alternative IAM users with appropriate permissions in order to manage and administer your AWS resources.
