AWS-IAM-Root-Access-Keys

Severity: High

Description: This control ensures that no access key for the root account is active. AWS access keys provide programmatic access to a given AWS account, and the root account has unrestricted privileges, so a root access key cannot be limited by IAM policy. It is recommended that all access keys associated with the root account be removed.

Remediation Steps:

Perform the following steps to remove the root account's access keys:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com as the root user.

  2. Navigate to the IAM console.

  3. Choose your account name in the navigation bar, and then choose My Security Credentials.

  4. If there is a warning about accessing the security credentials for your AWS account, choose Continue to Security Credentials.

  5. Expand the Access keys section.

  6. For each access key ID listed, under the Actions column, choose Delete.

Important:

  • Changes to account credentials may take up to 4 hours to be reflected in AWS IAM evaluations.

  • An access key can be marked as inactive instead of being deleted. This allows its use to be resumed in the future without changing either the key ID or the secret key. While it is inactive, any attempt to use it in requests to the AWS API fails with an access denied status.
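
As an added example that is not part of this control text or of Blue Hexagon's tooling, the following Python script checks the same condition programmatically: it parses the IAM credential report (the row whose user is `<root_account>`) and reports whether either root access-key slot is active. The boto3 fetch helper and the `constructed_report` sample data are assumptions for illustration, not real account data.

```python
import csv
import io
import time

# The IAM credential report identifies the root identity by this literal user name.
ROOT_USER = "<root_account>"


def root_access_key_findings(report_csv: str) -> dict:
    """Return the active state of root's two access-key slots from a credential report.

    The control is satisfied only when neither slot holds an active key."""
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] == ROOT_USER:
            key1 = row["access_key_1_active"].strip().lower() == "true"
            key2 = row["access_key_2_active"].strip().lower() == "true"
            return {"access_key_1_active": key1,
                    "access_key_2_active": key2,
                    "compliant": not (key1 or key2)}
    raise ValueError("credential report contains no <root_account> row")


def fetch_credential_report(iam, wait_seconds: int = 60) -> str:
    """Generate (if needed) and download the report with a boto3 IAM client.

    IAM regenerates the report at most every four hours, so a key deleted
    moments ago may still show as active until the next report is produced."""
    deadline = time.time() + wait_seconds
    while iam.generate_credential_report()["State"] != "COMPLETE":
        if time.time() > deadline:
            raise TimeoutError("credential report not ready in time")
        time.sleep(2)
    return iam.get_credential_report()["Content"].decode("utf-8")


def constructed_report(key1_active: str, key2_active: str) -> str:
    """Constructed sample report (placeholder account id, not real data) for offline use."""
    header = "user,arn,mfa_active,access_key_1_active,access_key_2_active"
    root = f"<root_account>,arn:aws:iam::123456789012:root,true,{key1_active},{key2_active}"
    user = "alice,arn:aws:iam::123456789012:user/alice,true,true,false"
    return "\n".join([header, root, user]) + "\n"


if __name__ == "__main__":
    import boto3  # only needed for the live check against a real account
    findings = root_access_key_findings(fetch_credential_report(boto3.client("iam")))
    print("COMPLIANT" if findings["compliant"] else "NON-COMPLIANT", findings)
```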

Reference:

  • CIS Amazon Web Services Foundations Benchmark v1.3.0 - 08-07-2020: Recommendation #1.4

Blue Hexagon Proprietary