By using AWS re:Post, you agree to the Terms of Use

Deactivate or delete access keys for root user


In the IAM console I see the message:

Deactivate or delete access keys for root user
Deactivate or delete the access keys for the root user. Instead, use access keys attached to an IAM user to improve security.

I'm concerned that if I do this I'll be unable to log into my account.

1 Answer

As a security best practice, it is not recommended for the root user to have an access key. Per the AWS documentation,

One of the best ways to protect your account is to not have access keys for your AWS account root user. Unless you must have root user access keys (which is rare), it is best not to generate them. Instead, the recommended best practice is to create one or more AWS Identity and Access Management (IAM) users. Grant those IAM users the necessary permissions, and use them for everyday interaction with AWS.

You'll still have access to your AWS account by using an IAM user. And, if you really need to access the AWS console using your root user, you can still do so by using your root user credentials (email and password). As a security best practice as well, ensure that you have an MFA configured for your root user credentials.

profile picture
answered 2 months ago
profile picture
reviewed 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions