Secure AWS Root Account

Hello Everyone

Welcome to CloudAffaire and this is Debjeet.

In the last blog post, we discussed multi-factor authentication.

In this blog post, we are going to complete our root account security.

Secure AWS root account:

When you first create an Amazon Web Services (AWS) account, you begin with a single sign-in identity that has complete access to all AWS services and resources in the account. This identity is called the AWS account root user and is accessed by signing in with the email address and password that you used to create the account. AWS strongly recommends that you do not use the root user for your everyday tasks, even the administrative ones. Instead, adhere to the best practice of using the root user only to create your first IAM user. Then securely lock away the root user credentials and use them to perform only a few account and service management tasks.

There are five steps required to consider your root account secure.

  • Delete your root access keys
  • Activate MFA on your root account
  • Create individual IAM users
  • Use groups to assign permissions
  • Apply an IAM password policy

We have already enabled MFA for the root account and created an IAM user, with an administrative access policy attached to a group.

Next, we will delete the root access key and set an IAM password policy.

Step 1: Login to AWS console and navigate to IAM.

Step 2: Click ‘Manage Security Credentials’ located under ‘Dashboard’.

Step 3: Expand ‘Access keys’ and click ‘Delete’.

You will receive a warning message; click ‘Yes’.

Next, we will set a password policy for IAM users.

Step 4: Navigate to ‘Dashboard’ and click ‘Manage Password Policy’.

Step 5: Set IAM password policy as per your requirement and click ‘Apply password policy’.

Congratulations, your root account has been secured successfully.
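To confirm the result outside the console, the five items can be checked against the output of `aws iam get-account-summary` and `aws iam get-account-password-policy`. The script below is an added example, not part of the original post; the sample JSON is constructed and the function names are hypothetical.

```python
import json

# Constructed sample: shape of `aws iam get-account-summary` output (values invented).
# Here the root access key has not been deleted yet.
SAMPLE_SUMMARY = json.loads("""
{"SummaryMap": {"AccountAccessKeysPresent": 1, "AccountMFAEnabled": 1,
                "Users": 3, "Groups": 1}}
""")

# Constructed sample: shape of `aws iam get-account-password-policy` output.
# Pass None instead when the call fails with NoSuchEntity (no policy set).
SAMPLE_POLICY = json.loads("""
{"PasswordPolicy": {"MinimumPasswordLength": 14, "RequireSymbols": true,
                    "RequireNumbers": true, "RequireUppercaseCharacters": true,
                    "RequireLowercaseCharacters": true}}
""")


def root_security_status(summary, policy):
    """Map each of the five checklist items to True (done) or False (outstanding)."""
    s = summary.get("SummaryMap", {})
    return {
        # Missing keys are treated as "not done" so a bad response fails closed.
        "Delete your root access keys": s.get("AccountAccessKeysPresent", 1) == 0,
        "Activate MFA on your root account": s.get("AccountMFAEnabled", 0) == 1,
        "Create individual IAM users": s.get("Users", 0) > 0,
        # Proxy only: a group exists; this does not prove permissions flow through it.
        "Use groups to assign permissions": s.get("Groups", 0) > 0,
        "Apply an IAM password policy": bool(policy and policy.get("PasswordPolicy")),
    }


def outstanding(summary, policy):
    """Return the checklist items that are still open, in checklist order."""
    status = root_security_status(summary, policy)
    return [item for item, done in status.items() if not done]


if __name__ == "__main__":
    for item, done in root_security_status(SAMPLE_SUMMARY, SAMPLE_POLICY).items():
        print(f"[{'x' if done else ' '}] {item}")
```

To run it against a real account, save the JSON printed by the two CLI commands and pass the parsed objects to `outstanding()` in place of the samples.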

Hope you have enjoyed this article. In the next blog post, we will discuss the identity provider in IAM.

To get more details on IAM, please refer to the AWS documentation below.

