IAM Root User Should Not Have Access Keys Rule

This rule ensures that IAM root user does not have any access keys for security reasons.

Rule	IAM root user should not have access keys
Framework	RBI Cyber Security Framework
Severity	✔ Medium

Rule Description

According to the RBI (Reserve Bank of India) Cyber Security Framework, the root user in AWS Identity and Access Management (IAM) should not have access keys. This rule is implemented to enhance the security of the root user account, as access keys can be abused or compromised by unauthorized individuals, potentially leading to severe security breaches and unauthorized access to AWS resources.

Rule Implementation

To comply with this rule, it is required to ensure that the root user does not have any access keys assigned to its IAM account.

Troubleshooting Steps

If the root user has access keys assigned, you need to follow the steps provided below to remove them.

1.

Login to the AWS Management Console using the root user credentials.

2.

Open the IAM service from the list of available services.

3.

In the IAM dashboard, click on the "Users" link in the left navigation pane.

4.

Select the root user from the list of users.

5.

Click on the "Security credentials" tab at the top.

6.

Under the "Access keys" section, if there are any access keys listed, you need to delete them. Click on the "Delete" button next to each access key and confirm the deletion when prompted.

7.

Once all the access keys are deleted, the root user will no longer have any access keys assigned.

Remediation Steps

To remediate this issue, you are required to remove the access keys assigned to the root user using the AWS Command Line Interface (CLI) or AWS SDKs. Please follow the steps below to accomplish this:

1.

Open the command line interface (CLI) on your local machine or a terminal program.

2.

Install and configure the AWS CLI if you haven't done so already. You can refer to the official AWS CLI documentation for assistance with installation and configuration.

3.

Run the following command to delete the access keys for the root user:

aws iam delete-access-key --user-name <root_user_name> --access-key-id <access_key_id>

Replace

<root_user_name>

with the actual name of the root user and

<access_key_id>

with the ID of the access key you want to delete.

1.

Repeat Step 3 for each access key associated with the root user until all access keys have been deleted.

2.

Verify that the root user no longer has any access keys by running the following command:

aws iam list-access-keys --user-name <root_user_name>

Ensure that no access keys are listed in the output.

By following these steps, you can ensure that the root user in AWS IAM does not have any access keys assigned, complying with the RBI Cyber Security Framework.

IAM Root User Should Not Have Access Keys Rule

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Troubleshooting Steps

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Remediation Steps

Is your System Free of Underlying Vulnerabilities? Find Out Now

Troubleshooting Steps

Remediation Steps

Is your System Free of Underlying Vulnerabilities?
Find Out Now