Skip to main content

Root User Login

Overview

This detector identifies whenever someone logs in to the AWS console as the root user. Login events are identified by monitoring AWS CloudTrail.

The root user is the most powerful administrative user in the account, and it generally has full access to all resources in the account. The root user should not be used for day-to-day administrative tasks.

The AWS user guide recommends the following:

We strongly recommend that you do not use the root user for your everyday tasks, even the administrative ones. Instead, adhere to the best practice of using the root user only to create your first IAM user. Then securely lock away the root user credentials and use them to perform only a few account and service management tasks. To view the tasks that require you to sign in as the root user, see AWS Tasks That Require Root User. For a tutorial on how to set up an administrator for daily use, see Creating your first IAM admin user and user group.

Issues are automatically resolved after a configurable duration so that future login events will create new issues, periodically.

Vendor

AWS

Severity

4