- Newest
- Most votes
- Most comments
Hi. You cant remove root user but you can restrict root user actions by using SCP(except Management Account).
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html
This is a complex process because the root user is the initial account identity that is created when you first sign up for AWS. The root user has full access to the account's AWS services and resources.
To improve the security of your AWS account, AWS recommends reducing your reliance on the root user for everyday tasks. Here are some suggested practices:
- Enable multi-factor authentication (MFA) on your root account to add an extra layer of security.
- Create IAM users with the least amount of privilege required for the tasks that are typically performed in your account.
- AWS Organizations can be used to manage permissions and create accounts without the need for a root user password or access keys.
- AWS access keys should be rotated and removed on a regular basis.
f you have created organization accounts using a configuration in Step Functions and you want to disable or remove the root user, you can follow these steps:
Access the AWS Management Console using the root user credentials of the account you want to modify. Navigate to the IAM (Identity and Access Management) service. In the IAM console, click on "Users" in the left-hand menu. Locate the root user in the list of users and click on its name to access the user details. Click on the "Security credentials" tab. Under the "Login profile" section, click on the "Manage password" link. Choose the "Delete password" option to disable the root user's password. Click on "Apply" or "Save" to confirm the changes. By deleting the root user's password, you effectively disable the ability to log in as the root user. This helps improve the security of the account by enforcing the use of IAM users with appropriate permissions and least privilege principles.
It's important to note that disabling or removing the root user should be done with caution, as the root user has special privileges and is the ultimate authority in the account. Ensure that you have appropriate IAM users and roles configured with the necessary permissions before removing or disabling the root user.
Relevant content
- Accepted Answerasked 7 months ago
- asked 3 years ago
- asked 5 years ago
- AWS OFFICIALUpdated 25 days ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago