The AWS Root Account User should not utilise Access Keys.
Each AWS account is created with an initial root user, who holds complete ownership of the account. This root user is considered the ultimate administrator and has full access to everything within the account.
As the root user is the first “user” entity in an AWS account the root user can access the AWS console and can also create AWS Access Keys for themselves, just like any IAM User. Access Keys are sufficient in and of themselves to grant access to AWS services as the user that they belong to. Therefore the Access Key ID and the Access Key Secret that are issued to a root user is all that’s needed for access to AWS services as that root user.
This situation poses a significant risk, as recovering a compromised root account is a complex and involved process that is significantly more difficult than dealing with a compromised IAM User or IAM Role. Preventation is a far better measure and thus it’s best to never issue Access Keys for the root user.
If any Access Keys have been issued for the root user, it is essential to review their usage history and delete them as soon as possible. If the Access Keys are in legitimate use, migrate the systems and users involved to Access Keys issued to an IAM user.
SkySiege Cloud Assessments can detect root users with issued Access Keys without requiring root user access. This will be summarised in your report that is delivered the same day:
SkySiege Cloud Security Assessments scan for this issue and provide same-day reports..
Available for individual projects or organisations.
