IAM Rule: Root User Access Keys
This rule ensures IAM root user should not have access keys for enhanced security.
| Rule | IAM root user should not have access keys |
| Framework | NIST 800-171 Revision 2 |
| Severity | ✔ Medium |
Rule Description:
According to the NIST 800-171 Revision 2 security standard, the root user in AWS Identity and Access Management (IAM) should not have any access keys. This rule is implemented to enhance the security posture of the AWS environment to align with NIST 800-171 requirements.
Remediation:
To remediate this issue, you can follow the steps below:
Step 1: Identify Access Keys:
- 1.Log in to the AWS Management Console using root credentials.
- 2.Open the IAM service.
Step 2: Remove Access Keys:
- 1.In the IAM Dashboard, click on the "Dashboard" from the left-hand side menu.
- 2.In the "Account Settings" section, click on "Delete your Root access keys".
- 3.Click on "Manage access keys" in the pop-up window.
Step 3: Delete Access Keys:
- 1.Find the root user from the list and select the checkbox beside their name.
- 2.Click on the "Delete" button at the top of the screen.
- 3.Confirm the deletion by clicking on "Yes, Delete" in the confirmation pop-up.
Troubleshooting Steps:
If you face any issues during the remediation process or encounter error messages, follow these troubleshooting steps:
Issue: Cannot Find Access Keys
- Ensure that you are logged in as the root user and have navigated to the IAM service.
- Double-check that you are on the "Dashboard" page and have clicked on "Delete your Root access keys" under the "Account Settings" section.
Issue: Access Key Deletion Error
- Verify that you have selected the correct access key associated with the root user for deletion.
- If the key deletion fails, check if the key is being used by any application or service. Disable or remove the key from those applications or services and then retry the deletion process.
- If you are unable to determine the cause of the error, consider contacting AWS support for further assistance.
CLI Command:
To delete the root user's access keys using AWS CLI, follow the steps below:
- 1.Open your preferred command-line interface.
- 2.Run the following command:
aws iam delete-access-key --user-name <your-root-username> --access-key-id <your-access-key-id>
Replace
<your-root-username><your-access-key-id>- 1.Confirm the deletion by pressing
orY
.Enter
Conclusion:
By following the provided steps, you can remove the access keys for the root user in IAM, aligning with the NIST 800-171 Revision 2 security standard. Regularly reviewing and removing access keys for the root user is essential to ensure a secure AWS environment.