Ensure no root account access key exists

Error: Root account access key exists

Bridgecrew Policy ID: BC_AWS_IAM_12
Bridgecrew Severity: CRITICAL
Prisma Cloud Severity: HIGH

Root account access key exists

Description

The root account is the most privileged identity in an AWS account. Access keys provide programmatic (CLI/API) access, and access keys belonging to the root user carry the root user's full authority: they cannot be limited by IAM identity policies, so a leaked root key means a fully compromised account.

We recommend that all access keys associated with the root account are removed. Removing them closes one of the vectors by which the whole account can be compromised. Additionally, removing the root access keys encourages the creation and use of IAM roles and users scoped to least-privilege permissions for day-to-day and automated work.

Fix - Runtime Remediation

AWS Console

To disable or delete active root access keys via the AWS Console, follow these steps:

  1. Log in to the AWS Management Console as a Root user at https://console.aws.amazon.com/.
  2. Open the Amazon IAM console.
  3. At the top right of the page click Root_Account_Name, then from the drop down list select Security Credentials.
  4. On the pop out screen click Continue to Security Credentials.
  5. Click Access Keys: Access Key ID and Secret Access Key.
  6. Determine Active Keys, located under the Status column.
  7. To temporarily disable a key (for example, while confirming that no automation still depends on it), click Make Inactive.
  8. To remove the key permanently, click Delete.

🚧

Warning

Deleted keys cannot be recovered.
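The console steps above remediate a single account by hand. To verify the same condition programmatically, the IAM credential report lists every user, including the root user as `<root_account>`, with an `access_key_1_active` and `access_key_2_active` column. The script below is an added example, not Bridgecrew's or Checkov's own check: it parses a credential report in that CSV layout and reports which root key slots are active. The account ID, timestamps and the `deploy-bot` user in the sample report are constructed, and the script name `check_root_keys.py` is assumed.

```python
import csv
import io
import sys

# Constructed sample of an IAM credential report, in the CSV layout that
# `aws iam get-credential-report` returns (base64-encoded). The account ID,
# timestamps and the deploy-bot user are made up for illustration.
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,2019-03-01T10:00:00+00:00,not_supported,2024-01-15T08:12:00+00:00,not_supported,not_supported,true,true,2019-03-01T10:05:00+00:00,2023-11-02T14:30:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
deploy-bot,arn:aws:iam::123456789012:user/deploy-bot,2022-06-10T09:00:00+00:00,false,no_information,N/A,N/A,false,true,2022-06-10T09:01:00+00:00,2024-01-14T22:00:00+00:00,eu-west-1,sts,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
"""

# The credential report names the root user with this literal placeholder.
ROOT_USER = "<root_account>"


def root_active_access_keys(report_csv: str) -> list[str]:
    """Return the root access-key slots that the report marks as active.

    An empty list means the account passes BC_AWS_IAM_12. A report with no
    root row raises ValueError so that a truncated or foreign report is not
    mistaken for a clean one.
    """
    rows = list(csv.DictReader(io.StringIO(report_csv)))
    root_rows = [row for row in rows if row["user"] == ROOT_USER]
    if not root_rows:
        raise ValueError("credential report contains no <root_account> row")
    root = root_rows[0]
    return [
        slot
        for slot in ("access_key_1", "access_key_2")
        if root[f"{slot}_active"].strip().lower() == "true"
    ]


def main() -> int:
    # Usage against a live account (needs iam:GenerateCredentialReport and
    # iam:GetCredentialReport):
    #   aws iam generate-credential-report >/dev/null
    #   aws iam get-credential-report --query Content --output text \
    #     | base64 -d | python3 check_root_keys.py -
    # Without the "-" argument the constructed sample report is evaluated.
    if len(sys.argv) > 1 and sys.argv[1] == "-":
        report = sys.stdin.read()
    else:
        report = SAMPLE_REPORT
    active = root_active_access_keys(report)
    if active:
        print("FAIL BC_AWS_IAM_12: active root access key(s): " + ", ".join(active))
        return 1
    print("PASS BC_AWS_IAM_12: no active root access keys")
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Note that `generate-credential-report` is asynchronous; if it returns `STARTED` rather than `COMPLETE`, wait a few seconds before calling `get-credential-report`. For a quicker but less detailed check, `aws iam get-account-summary` returns an `AccountAccessKeysPresent` field in its `SummaryMap`, which is `0` when the root user has no access keys at all.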