How to manage root user by multiple people

0

Our group wants to store keys by using AWS KMS for prevent one of us from using the key without permission. We wants to configure a system that it needs everyone's approval when anyone uses the key.

I think we can acheive this by using AWS Systems Manager or any other external application. But I think the person who can access as root user still can use the key if he try.

I know we can set up MFA and separate the MFA device from the person who knows password of root user, but i think it doesn't become a solution to the root of the problem.

So, is there any service or idea that prevent root user from using the key freely?

1 Answer
0

As for best practice, besides best practices to protect root user, you could set up GuardDuty, which have a finding: IAM Root Credential Use.

If you require a higher level of security, you can take a look at CloudHSM to check if it might be an adequate solution.

profile picture
answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions