By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How to manage root user by multiple people

0

Our group wants to store keys by using AWS KMS for prevent one of us from using the key without permission. We wants to configure a system that it needs everyone's approval when anyone uses the key.

I think we can acheive this by using AWS Systems Manager or any other external application. But I think the person who can access as root user still can use the key if he try.

I know we can set up MFA and separate the MFA device from the person who knows password of root user, but i think it doesn't become a solution to the root of the problem.

So, is there any service or idea that prevent root user from using the key freely?

Topics
Security, Identity, & ComplianceAWS Well-Architected FrameworkManagement & Governance
Tags
AWS Key Management ServiceAWS Identity and Access ManagementSecurityAWS Account Management
Language
English
rePost-User-4349820
asked 2 years ago285 views
1 Answer
1

As for best practice, besides best practices to protect root user, you could set up GuardDuty, which have a finding: IAM Root Credential Use.

If you require a higher level of security, you can take a look at CloudHSM to check if it might be an adequate solution.

profile pictureAWS
romerogt
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content