To secure your AWS environment and adhere to IAM best practices ensure that the AWS account (root user) is not using access keys to perform API requests to access resources or billing information. Cloud Conformity strongly recommends removing any existing root key pairs and use individual IAM users for accessing resources within your AWS account.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Anyone who has your root access keys can gain unrestricted access to all the services within your AWS environment, including billing information. Removing these credentials from your root account will significantly reduce the risk of unauthorized access to your AWS resources.
To determine if your AWS root account has any access keys in use, perform the following:
To remove any active access keys created for your AWS root account, perform the following:Note: Deleting AWS root access keys via Command Line Interface (CLI) is not currently supported.