IAM Root User No Access Keys Rule
This rule ensures that the IAM root user does not have any access keys assigned.
| Rule | IAM root user should not have access keys |
| Framework | NIST 800-53 Revision 4 |
| Severity | ✔ Medium |
Rule Description:
The rule recommends that the root user in IAM (Identity and Access Management) should not have access keys for compliance with NIST (National Institute of Standards and Technology) 800-53 Revision 4. This ensures better security by reducing the risk of unauthorized access or misuse of the root account.
Troubleshooting Steps:
If the root user has access keys, it is crucial to remove them to comply with the rule. Here are the troubleshooting steps to identify and remediate the issue:
- 1.
Step 1: Verify the presence of access keys for the root user
- Go to the AWS Management Console.
- Open the IAM service.
- Navigate to "Users" in the left panel.
- Search and select the root user.
- 2.
Step 2: Check for access keys
- In the "Security Credentials" tab, verify if there are any access keys present.
- If access keys exist, it indicates that the root user has access keys.
Remediation:
To comply with the rule, you need to remove the access keys for the root user in IAM. Follow the step-by-step guide below:
- 1.
Step 1: Sign in as the root user
- Visit the AWS Management Console.
- Sign in using the root user credentials.
- 2.
Step 2: Open the IAM service
- Go to the IAM service in the AWS Management Console.
- 3.
Step 3: Access the root user settings
- Navigate to "Users" in the left panel.
- Search and select the root user.
- 4.
Step 4: Remove access keys
- In the "Security Credentials" tab, locate the access keys.
- Click on the access key ID, and then click on the "Delete" button.
- Confirm the deletion when prompted.
- 5.
Step 5: Verify access key removal
- After removing the access key, ensure that no access keys are present for the root user.
Once the access keys are removed, the root user will not have access keys, ensuring compliance with NIST 800-53 Revision 4.