How to manage root user by multiple people


Our group wants to store keys by using AWS KMS for prevent one of us from using the key without permission. We wants to configure a system that it needs everyone's approval when anyone uses the key.

I think we can acheive this by using AWS Systems Manager or any other external application. But I think the person who can access as root user still can use the key if he try.

I know we can set up MFA and separate the MFA device from the person who knows password of root user, but i think it doesn't become a solution to the root of the problem.

So, is there any service or idea that prevent root user from using the key freely?

1 Answer

As for best practice, besides best practices to protect root user, you could set up GuardDuty, which have a finding: IAM Root Credential Use.

If you require a higher level of security, you can take a look at CloudHSM to check if it might be an adequate solution.

profile picture
answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions