IAM Root User should not have Access Keys Rule
This rule ensures that the IAM root user does not have any access keys for security measures.
| Rule | IAM root user should not have access keys |
| Framework | GxP 21 CFR Part 11 |
| Severity | ✔ Medium |
Title: IAM Root User Access Key Restrictions for GxP 21 CFR Part 11 Compliance
Description:
In order to ensure compliance with GxP (Good Practices for regulatory compliance in pharmaceutical industries) and 21 CFR Part 11 (regulations on electronic records and signatures), it is essential to restrict the usage of access keys for the IAM (Identity and Access Management) root user. The IAM root user has unrestricted access to all AWS services, and as such, it is critical to avoid any potential security risks by disabling access keys for this user.
Policy Details:
- Policy Name: IAM Root User Access Key Restrictions
- Policy ID: <insert_policy_id_here>
- Compliance Regulation: GxP 21 CFR Part 11
- Affected Resources: IAM Root User
Troubleshooting Steps:
If access keys are found to be active for the IAM root user, follow these troubleshooting steps to disable them:
- 1.Login to the AWS Management Console using credentials with administrative privileges.
- 2.Navigate to the IAM service.
- 3.Click on "Users" in the left sidebar menu.
- 4.Search for "root" in the User search bar.
- 5.Select the IAM root user from the list.
- 6.In the "Security credentials" tab, check if there are any access keys listed.
- 7.If access keys are present, click on the "Delete access key" button next to each active key.
- 8.Confirm the action when prompted.
- 9.Ensure that access keys are successfully deleted for the IAM root user.
Necessary Code:
To enforce the policy mentioned above, you can use the following AWS CLI command:
aws iam delete-access-key --user-name <IAM_root_user_name> --access-key-id <access_key_id>
Replace
<IAM_root_user_name><access_key_id>Remediation Steps:
To comply with the IAM root user access key restrictions for GxP 21 CFR Part 11, follow these steps:
- 1.Open your preferred command-line interface or terminal.
- 2.Install the AWS CLI (Command Line Interface) if you haven't already.
- 3.Configure the AWS CLI with the necessary access credentials by running the
command.aws configure - 4.Run the following AWS CLI command to delete the access key for the IAM root user:
aws iam delete-access-key --user-name <IAM_root_user_name> --access-key-id <access_key_id>
Replace
<IAM_root_user_name><access_key_id>Note: It is recommended to follow the principle of least privilege and not utilize the IAM root user for day-to-day tasks. Create and use IAM users with appropriate permissions instead to maintain proper access control and security.
By implementing these access key restrictions, you ensure compliance with GxP 21 CFR Part 11 regulations and reduce the risk of unauthorized access to sensitive systems and data within your AWS environment.