Skip to content

AWS Account root user is used

Description

The AWS Account Root User is the first identity created with the AWS Account and has the highest level of privileges. The Root User account has unrestricted access to all AWS services and resources and is used for account and service management tasks, to create a new account for administrative, and other tasks.

We recommend you minimize the use of the Root User account by adopting the Principle of Least Privilege for access management. This reduces the risk of accidental changes and unintended disclosure of highly privileged credentials.

Fix - Runtime

Procedure

Replace usage of the AWS root with IAM users with minimal set of permissions necessary to access and manage just the required AWS resources and services. For example, you can add an MFA enabled user that can perform a limited set of privileged activities. Consider also using the IAM Administrator Managed Policy.