En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

How to manage root user by multiple people

0

Our group wants to store keys by using AWS KMS for prevent one of us from using the key without permission. We wants to configure a system that it needs everyone's approval when anyone uses the key.

I think we can acheive this by using AWS Systems Manager or any other external application. But I think the person who can access as root user still can use the key if he try.

I know we can set up MFA and separate the MFA device from the person who knows password of root user, but i think it doesn't become a solution to the root of the problem.

So, is there any service or idea that prevent root user from using the key freely?

Sujets
Sécurité, identité et conformitéFramework AWS Well-ArchitectedGestion et gouvernance
Balises
Service AWS Key ManagementGestion des identités et des accès AWSSécuritéAWS Account Management
Langue
English
rePost-User-4349820
demandé il y a 2 ans290 vues
1 réponse
1

As for best practice, besides best practices to protect root user, you could set up GuardDuty, which have a finding: IAM Root Credential Use.

If you require a higher level of security, you can take a look at CloudHSM to check if it might be an adequate solution.

profile pictureAWS
romerogt
répondu il y a 2 ans

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents