IAM Root Account Usage

Overview

The root user for this account has been used within the past 24 hours. Root access should be eliminated or minimized.

With the creation of an AWS account, a 'root user' is created that cannot be disabled or deleted. That user has unrestricted access to and control over all resources in the AWS account. It is highly recommended that the use of this account be avoided for everyday tasks.

The 'root user' has unrestricted access to and control over all account resources. Use of it is inconsistent with the principles of least privilege and separation of duties, and can lead to unnecessary harm due to error or account compromise.

Vendor

AWS

Cloud Service

IAM

CIS AWS v1.5.0 1.7, CIS3.AWS.1.7

References

https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html, https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html, https://docs.aws.amazon.com/general/latest/gr/aws_tasks-that-require-root.html

Severity

Item Types

Custom::AWS::IAM::Account

Overview​

Vendor​

Cloud Service​

Related Controls​

References​

Severity​

Item Types​