Deactivate or delete access keys for root user

0

In the IAM console I see the message:

Deactivate or delete access keys for root user
Deactivate or delete the access keys for the root user. Instead, use access keys attached to an IAM user to improve security.

I'm concerned that if I do this I'll be unable to log into my account.

질문됨 2년 전1772회 조회
1개 답변
1

As a security best practice, it is not recommended for the root user to have an access key. Per the AWS documentation https://docs.aws.amazon.com/accounts/latest/reference/credentials-access-keys-best-practices.html,

One of the best ways to protect your account is to not have access keys for your AWS account root user. Unless you must have root user access keys (which is rare), it is best not to generate them. Instead, the recommended best practice is to create one or more AWS Identity and Access Management (IAM) users. Grant those IAM users the necessary permissions, and use them for everyday interaction with AWS.

You'll still have access to your AWS account by using an IAM user. And, if you really need to access the AWS console using your root user, you can still do so by using your root user credentials (email and password). As a security best practice as well, ensure that you have an MFA configured for your root user credentials.

profile picture
joahna
답변함 2년 전
profile pictureAWS
전문가
kentrad
검토됨 2년 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠