This rule checks that no access keys exist for the AWS account root user.
Rule
IAM root user access key should not exist
Framework
PCI v3.2.1
Severity
Critical
Rule Description
The rule states that, to comply with PCI v3.2.1, no access key may exist for the AWS account root user.
The root user has unrestricted access to every service and resource in the account, and its permissions cannot be limited by an IAM policy. A root access key is a long-lived credential for that identity: anyone who obtains it (from a leaked configuration file, a source repository or a compromised workstation) gains full control of the account without needing the root password or MFA device. Deleting the root user's access keys removes that exposure entirely. Deactivating a key is not enough to satisfy this rule, because a deactivated key still exists and can be reactivated.
Remediation Steps
To remediate this issue and comply with PCI v3 requirements, follow the steps below:
1. Access the AWS Management Console
Open a web browser and navigate to the AWS Management Console sign-in page.
2. Sign in as the Root User
Choose "Root user", enter the email address of the account owner and click "Next".
Enter the root user password and click "Sign in".
Note: If Multi-Factor Authentication (MFA) is enabled for the root user, complete the prompt from the MFA device. Only the root user can view and delete its own access keys; signing in as an IAM user or role will not show them.
3. Open the Root User's Security Credentials Page
The root user is not an IAM user and does not appear in the IAM "Users" list. Instead, open the account menu (the account name in the upper-right corner of the console) and choose "Security credentials".
3.1. Locate the Access Keys
On the security credentials page, expand the "Access keys" section. Any key listed there, active or inactive, is a root access key and violates this rule.
3.2. Check What Uses the Key
Before deleting a key, note its last-used date, region and service. If the key was used recently, find the workload that uses it and move that workload to an IAM role or a least-privilege IAM user first; otherwise deleting the key will break it.
3.3. Delete the Root User Access Key
For each key, deactivate it first if it is still active (the console requires a key to be inactive before it can be deleted), then choose "Delete" and confirm the deletion. Do not stop at deactivation: a deactivated key still exists and can be re-enabled, and the rule requires that no root access key exist.
4. Verify Root User Access Key Removal
Refresh the page and verify that no access keys are listed under "Access keys".
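The console procedure above removes the key by hand. The check that a scanner (or an engineer verifying step 4) runs reads two signals from the IAM API: the SummaryMap returned by GetAccountSummary, whose AccountAccessKeysPresent entry is 1 while any root key exists, and the IAM credential report, whose "<root_account>" row records whether each key slot is active and when and from where it was last used. The following Python is an added example, not code from the original page or from any scanner vendor: it parses constructed sample report rows (not output from a real account), treats a deactivated-but-undeleted key as a violation, and returns the last-used details so a dependent workload can be migrated before the key is deleted. The assumption that a slot with "N/A" in its last_rotated column holds no key is mine; the boto3 fetch function is included for live use and is not exercised by the samples.

```python
import csv
import io
import time

ROOT_USER = "<root_account>"  # value AWS puts in the "user" column of the root row
KEY_SLOTS = ("access_key_1", "access_key_2")

# Column header of an IAM credential report (AWS's column names; the rows below
# are constructed sample data, not output from a real account).
CREDENTIAL_REPORT_HEADER = (
    "user,arn,user_creation_time,password_enabled,password_last_used,"
    "password_last_changed,password_next_rotation,mfa_active,"
    "access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,"
    "access_key_1_last_used_region,access_key_1_last_used_service,"
    "access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,"
    "access_key_2_last_used_region,access_key_2_last_used_service,"
    "cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated"
)

# Constructed: root has an active key (slot 1, last used from us-east-1 against S3)
# and a deactivated but not deleted key (slot 2). Both violate the rule.
SAMPLE_REPORT_NONCOMPLIANT = "\n".join([
    CREDENTIAL_REPORT_HEADER,
    "<root_account>,arn:aws:iam::123456789012:root,2019-03-01T10:00:00+00:00,"
    "not_supported,2024-01-05T08:12:00+00:00,not_supported,not_supported,true,"
    "true,2019-03-01T10:05:00+00:00,2024-01-04T09:30:00+00:00,us-east-1,s3,"
    "false,2022-08-15T00:00:00+00:00,N/A,N/A,N/A,false,N/A,false,N/A",
    "alice,arn:aws:iam::123456789012:user/alice,2021-06-10T12:00:00+00:00,true,"
    "2024-01-03T11:00:00+00:00,2023-12-01T00:00:00+00:00,2024-03-01T00:00:00+00:00,true,"
    "true,2023-12-01T00:00:00+00:00,2024-01-05T07:00:00+00:00,eu-west-1,ec2,"
    "false,N/A,N/A,N/A,N/A,false,N/A,false,N/A",
])

# Constructed: the same account after both root keys were deleted.
SAMPLE_REPORT_COMPLIANT = "\n".join([
    CREDENTIAL_REPORT_HEADER,
    "<root_account>,arn:aws:iam::123456789012:root,2019-03-01T10:00:00+00:00,"
    "not_supported,2024-01-05T08:12:00+00:00,not_supported,not_supported,true,"
    "false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A",
])


def root_access_key_slots(report_csv):
    """Describe both root access-key slots from a credential report.

    A slot whose *_last_rotated column is N/A holds no key (assumption about how
    the report is populated). A key can exist while *_active is false; such a
    deactivated key still violates "should not exist".
    """
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] != ROOT_USER:
            continue
        return {
            slot: {
                "present": row[f"{slot}_last_rotated"] != "N/A",
                "active": row[f"{slot}_active"].lower() == "true",
                "last_rotated": row[f"{slot}_last_rotated"],
                "last_used_date": row[f"{slot}_last_used_date"],
                "last_used_region": row[f"{slot}_last_used_region"],
                "last_used_service": row[f"{slot}_last_used_service"],
            }
            for slot in KEY_SLOTS
        }
    raise ValueError("credential report has no <root_account> row")


def evaluate(summary_map, report_csv):
    """Return ("alarm" or "ok", slot details) using both signals.

    summary_map is the SummaryMap from GetAccountSummary; AccountAccessKeysPresent
    is 1 when any root key exists, so it is the authoritative existence check.
    The credential report adds the per-key activity details.
    """
    slots = root_access_key_slots(report_csv)
    exists = int(summary_map.get("AccountAccessKeysPresent", 0)) != 0
    exists = exists or any(s["present"] for s in slots.values())
    return ("alarm" if exists else "ok"), slots


def load_live_inputs(poll_seconds=2, max_polls=15):
    """Fetch both inputs from a real account with boto3 (needs credentials;
    not exercised by the offline samples above)."""
    import boto3  # imported here so the offline checks run without it
    iam = boto3.client("iam")
    summary = iam.get_account_summary()["SummaryMap"]
    for _ in range(max_polls):  # report generation is asynchronous
        if iam.generate_credential_report()["State"] == "COMPLETE":
            break
        time.sleep(poll_seconds)
    else:
        raise TimeoutError("credential report was not ready in time")
    report = iam.get_credential_report()["Content"].decode("utf-8")
    return summary, report


if __name__ == "__main__":
    for name, summary, report in (
        ("noncompliant", {"AccountAccessKeysPresent": 1}, SAMPLE_REPORT_NONCOMPLIANT),
        ("compliant", {"AccountAccessKeysPresent": 0}, SAMPLE_REPORT_COMPLIANT),
    ):
        status, slots = evaluate(summary, report)
        print(f"{name}: {status}")
        for slot, info in slots.items():
            if info["present"]:
                state = "active" if info["active"] else "deactivated"
                print(f"  {slot}: {state}, last used {info['last_used_date']} "
                      f"({info['last_used_service']} in {info['last_used_region']})")
```

From the AWS CLI the same existence check is `aws iam get-account-summary --query 'SummaryMap.AccountAccessKeysPresent'`, which should return 0 once remediation is complete.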
Troubleshooting
If you encounter any issues while disabling the root user access key, follow these troubleshooting steps:
1. Confirm You Are Signed In as the Root User
No IAM permission, including "iam:DeleteAccessKey", allows an IAM user or role to manage the root user's access keys; only the root user can delete them (the exception is an AWS Organizations management account with centralized root access management enabled, which can delete member accounts' root credentials). If the keys are not visible or cannot be deleted, sign out and sign in again as the root user with the account's email address.
2. Check MFA Requirements
If you have enabled Multi-Factor Authentication (MFA) for the root user, make sure you have followed the correct MFA steps for authentication.
3. Contact AWS Support
If the issue persists or you have any difficulties, consider contacting AWS Support for further assistance. Provide any error messages or details about the problem to help expedite the troubleshooting process.
Additional Notes
Do not use the root user for day-to-day operations. Create IAM users, or preferably IAM roles with temporary credentials, and grant them only the permissions they need; any workload that relied on a root access key needs a dedicated IAM principal instead.
Regularly review and audit access keys (for example with the IAM credential report) to ensure compliance with security best practices. If a root access key is found, review CloudTrail for recent activity by the root user before and after deleting it.
Enable MFA for the root user and for all IAM users to add an extra layer of security to the AWS account.