Insufficient security on the root admin account

Don't use the root account for business-as-usual (BAU) tasks. Create a recovery policy and secure the root account with two-factor authentication (2FA). Amazon, for example, recommends the following:

"Therefore, protect your root user access key like you would your credit card numbers or any other sensitive secret. Here are some ways to do that:

If you don't already have an access key for your AWS account root user, don't create one unless you absolutely need to. Instead, use your account email address and password to sign in to the AWS Management Console and create an IAM user for yourself that has administrative permissions.
If you do have an access key for your AWS account root user, delete it. If you must keep it, rotate (change) the access key regularly. To delete or rotate your root user access keys, go to the My Security Credentials page in the AWS Management Console and sign in with your account's email address and password. You can manage your access keys in the Access keys section. For more information about rotating access keys, see Rotating access keys.
Never share your AWS account root user password or access keys with anyone.......... avoid having to share your AWS account root user credentials with other users. They also explain how to avoid having to embed them in an application.
Use a strong password to help protect account-level access to the AWS Management Console. For information about managing your AWS account root user password, see Changing the AWS account root user password.
Enable AWS multi-factor authentication (MFA) on your AWS account root user account. For more information, see Using multi-factor authentication (MFA) in AWS."
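As an added example (not from this page or from AWS), the following check reads an IAM credential report and flags the conditions discussed above: root MFA not enabled, root access keys present, and recent root activity that suggests the account is being used for BAU work. The row name `<root_account>` and the column names are those of the report returned by `aws iam get-credential-report`; the sample report below is constructed and trimmed to the columns the check reads.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample of an IAM credential report (only the columns this
# check reads; the real report has more). The root user's row is always
# named "<root_account>"; timestamps are ISO 8601, "N/A" when never used.
SAMPLE_REPORT = """user,arn,mfa_active,password_last_used,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,arn:aws:iam::123456789012:root,false,2024-05-01T09:12:00+00:00,true,2024-05-02T10:00:00+00:00,false,N/A
alice,arn:aws:iam::123456789012:user/alice,true,2024-05-03T08:00:00+00:00,true,2024-05-03T08:05:00+00:00,false,N/A
"""


def _parse_ts(value):
    """Return an aware datetime, or None for the report's 'never used' markers."""
    if value in ("N/A", "no_information", ""):
        return None
    return datetime.fromisoformat(value)


def audit_root(report_csv, now=None, bau_window_days=30):
    """Return a list of findings about the root account from a credential report.
    `now` is injectable so the check is deterministic in tests."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] != "<root_account>":
            continue
        if row["mfa_active"] != "true":
            findings.append("root MFA not enabled")
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] == "true":
                findings.append(f"root access key {n} exists; delete or rotate it")
        # Console or key use by root inside the window suggests BAU use of root.
        used = [_parse_ts(row["password_last_used"]),
                _parse_ts(row["access_key_1_last_used_date"]),
                _parse_ts(row["access_key_2_last_used_date"])]
        if any(t and now - t < timedelta(days=bau_window_days) for t in used):
            findings.append(f"root credentials used within the last {bau_window_days} days")
    return findings


def run_sample():
    """Audit the constructed report at a fixed point in time."""
    return audit_root(SAMPLE_REPORT, now=datetime(2024, 5, 10, tzinfo=timezone.utc))


if __name__ == "__main__":
    for finding in run_sample():
        print("FINDING:", finding)
```

In a live account the report text comes from `aws iam get-credential-report`, whose `Content` field is base64-encoded CSV.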
