IAM policies should remove root access keys
- GG_ID: GG_IAC_0070
- Severity: CRITICAL
- Complexity: MEDIUM
- Categories: PERMISSION
- Providers: AWS
- Potential data exposure: True
- Visible in logs: False
- User interaction required: False
- Privileges required: True
# Description

Identity and access management (IAM) ensures that the right people and job roles in the organization can access the tools they need for their tasks. It is recommended to remove all access keys associated with the root user in favor of role-based accounts that are least privileged.
# Impact

An attacker with access to the root user gains access to all resources within the entire AWS account.
# Remediation guidelines

Replace the root user in the configuration file with a lower-privileged account.
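The following is an added example, not GitGuardian's implementation or code from this page. It assumes the configuration file is Terraform and that the flagged pattern is an `aws_iam_access_key` resource with `user = "root"`, and it runs a check for that pattern over a constructed before/after pair. The resource names, the `ci-deploy` user and the bucket ARN are hypothetical.

```python
import re

# Constructed sample input (not from the page); Terraform is an assumption.
# BEFORE issues an access key to the root user. AFTER issues it to a
# dedicated IAM user whose inline policy allows a single action.
BEFORE = '''
resource "aws_iam_access_key" "admin" {
  user = "root"
}
'''

AFTER = '''
resource "aws_iam_user" "deploy" {
  name = "ci-deploy"
}

resource "aws_iam_user_policy" "deploy" {
  name   = "ci-deploy-artifacts"
  user   = aws_iam_user.deploy.name
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["s3:PutObject"]
      Resource = "arn:aws:s3:::example-artifacts/*"
    }]
  })
}

resource "aws_iam_access_key" "deploy" {
  user = aws_iam_user.deploy.name
}
'''

HEADER = re.compile(r'resource\s+"aws_iam_access_key"\s+"([^"]+)"\s*\{')
ROOT_USER = re.compile(r'^\s*user\s*=\s*"root"\s*$', re.MULTILINE)

def root_access_keys(hcl: str) -> list:
    """Return names of aws_iam_access_key resources whose user is "root"."""
    findings = []
    for m in HEADER.finditer(hcl):
        depth, i = 1, m.end()
        while i < len(hcl) and depth:  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(hcl[i], 0)
            i += 1
        if ROOT_USER.search(hcl[m.end():i - 1]):
            findings.append(m.group(1))
    return findings
```

The brace walk does not account for braces inside string literals, so treat it as a pre-commit style check on simple resource blocks rather than a full HCL parser.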