
IAM Root User Access Key Should Not Exist Rule

This rule checks that no access keys exist for the IAM root user.

Rule: IAM root user access key should not exist
Framework: PCI v3.2.1
Severity: Critical

Rule Description

The rule states that in order to comply with PCI v3 requirements, the IAM root user access key should not exist.

The IAM root user has full, unrestricted access to the entire AWS account, so a long-lived access key for it is a serious exposure: anyone who obtains the key can act with root privileges. Deleting the root user's access keys removes that avenue of unauthorized access or misuse of those privileges.

Remediation Steps

To remediate this issue and comply with PCI v3 requirements, follow the steps below:

1. Access the AWS Management Console

  • Open a web browser and navigate to the AWS Management Console login page.

2. Log in as the Root User

  • Enter the email address associated with the root user account and click "Next".
  • Enter the password for the root user account and click "Sign in".

Note: If you have enabled Multi-Factor Authentication (MFA) for the root user, follow the additional steps prompted by the MFA device.

3. Disable Root User Access Key

  • Once logged in, navigate to the IAM service page by typing "IAM" in the search bar and selecting "IAM - Identity and Access Management" from the results.

3.1. Access the IAM Users Page

  • From the IAM dashboard, click on "Users" in the left-hand menu.

3.2. Locate the Root User

  • Look for the user named "root" in the list of IAM users. This is the root user account.

3.3. Disable the Root User Access Key

  • Click on the checkbox next to the root user.
  • Click on the "Security credentials" tab at the bottom of the page.
  • Expand the "Access keys (access key ID and secret access key)" section.
  • Click on the "Delete" button next to the root user's access key.

4. Verify Root User Access Key Removal

  • Refresh the page and verify that no access keys are listed for the root user.
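A scripted check for this rule and for the verification in step 4, added here as an example rather than Cloud Defense's own tooling. The two evaluate_* functions work on data you already have (the SummaryMap from iam:GetAccountSummary and the CSV from iam:GetCredentialReport, both real IAM APIs), and fetch_live() pulls that data with boto3 when AWS credentials are present in the environment. The sample summary maps, the sample report rows and the account ID 111122223333 are constructed for the example, and the function names are my own.

```python
"""Scripted check for the 'IAM root user access key should not exist' rule.

Added example, not Cloud Defense's own code. The evaluate_* functions are
pure and run offline on constructed samples; fetch_live() is the only part
that talks to AWS (via boto3) and is assumed to run with credentials that
allow iam:GetAccountSummary, iam:GenerateCredentialReport and
iam:GetCredentialReport.
"""
import csv
import io
import time
from typing import Dict, List, Tuple

# Constructed samples of the SummaryMap returned by iam:GetAccountSummary.
# AccountAccessKeysPresent is 1 when the root user holds at least one access key.
SAMPLE_SUMMARY_NONCOMPLIANT = {"AccountAccessKeysPresent": 1, "AccountMFAEnabled": 0}
SAMPLE_SUMMARY_COMPLIANT = {"AccountAccessKeysPresent": 0, "AccountMFAEnabled": 1}

# Constructed sample of the CSV returned by iam:GetCredentialReport. The root
# user always appears as <root_account>; account ID 111122223333 is a placeholder.
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,2020-01-01T00:00:00+00:00,not_supported,2024-01-01T00:00:00+00:00,not_supported,not_supported,false,true,2020-01-01T00:00:00+00:00,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
alice,arn:aws:iam::111122223333:user/alice,2021-01-01T00:00:00+00:00,true,2024-01-01T00:00:00+00:00,2023-06-01T00:00:00+00:00,2023-09-01T00:00:00+00:00,true,true,2023-06-01T00:00:00+00:00,2024-01-01T00:00:00+00:00,us-east-1,sts,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
"""

ROOT_ROW = "<root_account>"


def evaluate_summary(summary: Dict[str, int]) -> List[str]:
    """Findings derived from the account summary; an empty list means compliant."""
    findings = []
    if summary.get("AccountAccessKeysPresent", 0) != 0:
        findings.append("root user has an access key (AccountAccessKeysPresent=1)")
    if summary.get("AccountMFAEnabled", 0) != 1:
        findings.append("root user has no MFA device (AccountMFAEnabled=0)")
    return findings


def evaluate_credential_report(report_csv: str) -> Dict[str, List[str]]:
    """Findings per principal from the credential report.

    The root row is held to this rule (no active key, MFA on); IAM users are
    listed when they carry an active access key without MFA, which supports the
    periodic access-key audit recommended alongside this rule.
    """
    findings: Dict[str, List[str]] = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        active = [n for n in ("1", "2") if row.get(f"access_key_{n}_active") == "true"]
        mfa = row.get("mfa_active") == "true"
        issues = []
        if row["user"] == ROOT_ROW:
            for n in active:
                issues.append(f"root access key {n} is active; delete it")
            if not mfa:
                issues.append("root MFA not active")
        elif active and not mfa:
            issues.append(f"active access key(s) {','.join(active)} without MFA")
        if issues:
            findings[row["user"]] = issues
    return findings


def fetch_live() -> Tuple[Dict[str, int], str]:
    """Pull the summary map and credential report from AWS with boto3."""
    import boto3  # imported lazily so the offline evaluators need no AWS SDK

    iam = boto3.client("iam")
    summary = iam.get_account_summary()["SummaryMap"]
    # Report generation is asynchronous: request it and poll until COMPLETE.
    for _ in range(15):
        if iam.generate_credential_report()["State"] == "COMPLETE":
            break
        time.sleep(2)
    report = iam.get_credential_report()["Content"].decode("utf-8")
    return summary, report


if __name__ == "__main__":
    # Offline demonstration on the constructed samples; swap in fetch_live()
    # to verify the real account after deleting the key in the console.
    for summary in (SAMPLE_SUMMARY_NONCOMPLIANT, SAMPLE_SUMMARY_COMPLIANT):
        print(summary, "->", evaluate_summary(summary) or ["compliant"])
    for user, issues in evaluate_credential_report(SAMPLE_REPORT).items():
        print(user, "->", issues)
```

Running the module prints the findings for the constructed samples; feeding it the output of fetch_live() instead gives an independent confirmation of step 4 once the key has been deleted in the console. The identity running the check needs only the three read-type IAM permissions named in the docstring, so the verification can be done from a least-privilege IAM identity rather than by signing in as root again.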

Troubleshooting

If you encounter any issues while disabling the root user access key, follow these troubleshooting steps:

1. Verify IAM User Permissions

  • Ensure that your IAM user has the necessary permissions to disable access keys for the root user. The user should have the "iam:DeleteAccessKey" permission assigned.

2. Check MFA Requirements

  • If you have enabled Multi-Factor Authentication (MFA) for the root user, make sure you have followed the correct MFA steps for authentication.

3. Contact AWS Support

  • If the issue persists or you have any difficulties, consider contacting AWS Support for further assistance. Provide any error messages or details about the problem to help expedite the troubleshooting process.

Additional Notes

  • It is recommended to create and use IAM users with limited permissions instead of relying on the root user account for day-to-day operations.
  • Regularly review and audit IAM users' access keys to ensure compliance with security best practices.
  • Enable MFA for all IAM users, including the root user, to add an extra layer of security to the AWS account.
