This rule ensures that IAM root user access key should not exist for better security measures.
Rule | IAM root user access key should not exist |
Framework | AWS Foundational Security Best Practices |
Severity | ✔ Critical |
Rule Description:
According to AWS Foundational Security Best Practices, it is recommended that the root user access key is disabled or deleted in order to enhance security. The root user has unrestricted access to all resources and actions within an AWS account, making it a high-value target for potential attackers. Having an active access key for the root user increases the risk of unauthorized access or misuse of the account.
Troubleshooting Steps:
Remediation Steps:
Option 1: Disabling the Root User Access Key
Option 2: Deleting the Root User Access Key
Security Codes (if applicable):
N/A
CLI Command for Disabling the Root User Access Key:
aws iam update-access-key --user-name <root_user_name> --access-key-id <access_key_id> --status Inactive
Replace
<root_user_name>
with the actual root user name and <access_key_id>
with the access key ID associated with the root user.CLI Command for Deleting the Root User Access Key:
aws iam delete-access-key --user-name <root_user_name> --access-key-id <access_key_id>
Replace
<root_user_name>
with the actual root user name and <access_key_id>
with the access key ID associated with the root user.Note:
It is important to ensure that you have alternative IAM users with appropriate permissions in order to manage and administer your AWS resources.