How to deactivate or remove the root user from an account in AWS?

0

Hello, currently organization accounts are created from a configuration designed in Step Functions. I am not using Account Factory. I need to disable or remove the root user.

3 Answers
1

Hi. You can't remove root user but you can restrict root user actions by using SCP (except Management Account).

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html

Expert
answered a year ago
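
To illustrate the SCP approach from the answer above, here is an added example (not part of the original post or of AWS's own code) that builds a deny-root service control policy and checks locally which principals its condition would match. The `Sid`, the helper names and the sample ARNs with account ID 111122223333 are constructed for illustration, and the matcher is a simplified stand-in for real IAM policy evaluation.

```python
import json
import re

# SCP that denies every action when the caller is an account's root user.
# aws:PrincipalArn is a global condition key; the root user's ARN has the
# form arn:aws:iam::<account-id>:root.
DENY_ROOT_SCP = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyRootUser",  # hypothetical statement id
        "Effect": "Deny",
        "Action": "*",
        "Resource": "*",
        "Condition": {"StringLike": {"aws:PrincipalArn": ["arn:aws:iam::*:root"]}},
    }],
}

def string_like(pattern, value):
    """IAM StringLike: case-sensitive, '*' matches any run, '?' one character."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value) is not None

def scp_denies(policy, principal_arn):
    """Simplified local check (assumption: only Deny statements conditioned on
    aws:PrincipalArn with StringLike are considered)."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Deny":
            continue
        cond = stmt.get("Condition", {}).get("StringLike", {})
        patterns = cond.get("aws:PrincipalArn", [])
        if isinstance(patterns, str):
            patterns = [patterns]
        if any(string_like(p, principal_arn) for p in patterns):
            return True
    return False

def render_scp(policy):
    """JSON text in the form an SCP document is supplied to AWS Organizations."""
    return json.dumps(policy, indent=2)

if __name__ == "__main__":
    # Constructed sample principals for a member account.
    for arn in ("arn:aws:iam::111122223333:root",
                "arn:aws:iam::111122223333:role/OrgAdmin",
                "arn:aws:iam::111122223333:user/root"):
        print(f"{arn:45} denied={scp_denies(DENY_ROOT_SCP, arn)}")
    print(render_scp(DENY_ROOT_SCP))
```

The printed JSON is the policy document that would be attached to an OU or member account; as the answer notes, an SCP does not restrict the management account.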
1

This is a complex process because the root user is the initial account identity that is created when you first sign up for AWS. The root user has full access to the account's AWS services and resources.

To improve the security of your AWS account, AWS recommends reducing your reliance on the root user for everyday tasks. Here are some suggested practices:

  • Enable multi-factor authentication (MFA) on your root account to add an extra layer of security.
  • Create IAM users with the least amount of privilege required for the tasks that are typically performed in your account.
  • AWS Organizations can be used to manage permissions and create accounts without the need for a root user password or access keys.
  • AWS access keys should be rotated and removed on a regular basis.
Expert
answered a year ago
0

If you have created organization accounts using a configuration in Step Functions and you want to disable or remove the root user, you can follow these steps:

  • Access the AWS Management Console using the root user credentials of the account you want to modify.
  • Navigate to the IAM (Identity and Access Management) service.
  • In the IAM console, click on "Users" in the left-hand menu.
  • Locate the root user in the list of users and click on its name to access the user details.
  • Click on the "Security credentials" tab.
  • Under the "Login profile" section, click on the "Manage password" link.
  • Choose the "Delete password" option to disable the root user's password.
  • Click on "Apply" or "Save" to confirm the changes.

By deleting the root user's password, you effectively disable the ability to log in as the root user. This helps improve the security of the account by enforcing the use of IAM users with appropriate permissions and least privilege principles.

It's important to note that disabling or removing the root user should be done with caution, as the root user has special privileges and is the ultimate authority in the account. Ensure that you have appropriate IAM users and roles configured with the necessary permissions before removing or disabling the root user.

answered a year ago
