Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

How to manage root user by multiple people

0

Our group wants to store keys by using AWS KMS for prevent one of us from using the key without permission. We wants to configure a system that it needs everyone's approval when anyone uses the key.

I think we can acheive this by using AWS Systems Manager or any other external application. But I think the person who can access as root user still can use the key if he try.

I know we can set up MFA and separate the MFA device from the person who knows password of root user, but i think it doesn't become a solution to the root of the problem.

So, is there any service or idea that prevent root user from using the key freely?

Themen
Sicherheit, Identität & KonformitätAWS Framework mit guter StrukturManagement & Unternehmensführung
Tags
AWS-SchlüsselverwaltungsserviceAWS Identity and Access ManagementSicherheitAWS Kontoverwaltung
Sprache
English
rePost-User-4349820
gefragt vor 2 Jahren290 Aufrufe
1 Antwort
1

As for best practice, besides best practices to protect root user, you could set up GuardDuty, which have a finding: IAM Root Credential Use.

If you require a higher level of security, you can take a look at CloudHSM to check if it might be an adequate solution.

profile pictureAWS
romerogt
beantwortet vor 2 Jahren

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt