Deactivate or delete access keys for root user

0

In the IAM console I see the message:

Deactivate or delete access keys for root user
Deactivate or delete the access keys for the root user. Instead, use access keys attached to an IAM user to improve security.

I'm concerned that if I do this I'll be unable to log into my account.

已提问 2 年前1769 查看次数
1 回答
1

As a security best practice, it is not recommended for the root user to have an access key. Per the AWS documentation https://docs.aws.amazon.com/accounts/latest/reference/credentials-access-keys-best-practices.html,

One of the best ways to protect your account is to not have access keys for your AWS account root user. Unless you must have root user access keys (which is rare), it is best not to generate them. Instead, the recommended best practice is to create one or more AWS Identity and Access Management (IAM) users. Grant those IAM users the necessary permissions, and use them for everyday interaction with AWS.

You'll still have access to your AWS account by using an IAM user. And, if you really need to access the AWS console using your root user, you can still do so by using your root user credentials (email and password). As a security best practice as well, ensure that you have an MFA configured for your root user credentials.

profile picture
joahna
已回答 2 年前
profile pictureAWS
专家
kentrad
已审核 2 年前

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则

相关内容