AWS-IAM-Root-Account-In-Use

Severity: High

Description: This control checks the last time the root account's password was used, as recorded in the IAM credential report, to ensure that use of the root user account is limited. The "root" account has unrestricted access to all resources in the AWS account. It is highly recommended that the use of this account be avoided.
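As an added example (not part of the original control text), the following Python applies the check above to a credential report: it parses the CSV that iam:GetCredentialReport returns, finds the <root_account> row, and flags the account when the root password or either root access key was used within the lookback window, which is what the CIS audit procedure for this recommendation inspects. The sample report, its account ID (123456789012), users and timestamps are constructed; the 90-day window is an assumption; fetch_credential_report shows the boto3 calls for a live account and is not exercised offline.

```python
"""Added example: evaluate root-account usage from the IAM credential report."""
import csv
import io
import time
from datetime import datetime, timedelta, timezone

# Constructed sample report: same column layout as a real credential report,
# but the account ID (123456789012), users and timestamps are made up.
SAMPLE_REPORT = (
    "user,arn,user_creation_time,password_enabled,password_last_used,"
    "password_last_changed,password_next_rotation,mfa_active,access_key_1_active,"
    "access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,"
    "access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,"
    "access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,"
    "cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated\n"
    "<root_account>,arn:aws:iam::123456789012:root,2019-01-15T10:00:00+00:00,not_supported,"
    "2024-05-02T08:31:12+00:00,not_supported,not_supported,true,true,2020-03-01T00:00:00+00:00,"
    "2024-05-01T12:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A\n"
    "alice,arn:aws:iam::123456789012:user/alice,2021-06-01T09:00:00+00:00,true,"
    "2024-05-10T07:00:00+00:00,2024-01-01T00:00:00+00:00,N/A,true,false,N/A,N/A,N/A,N/A,"
    "false,N/A,N/A,N/A,N/A,false,N/A,false,N/A\n"
)

# Evaluation time for the offline demo (constructed).
DEMO_NOW = datetime(2024, 5, 20, tzinfo=timezone.utc)

# Placeholder values the report uses where no timestamp applies.
NO_TIMESTAMP = {"N/A", "no_information", "not_supported", ""}

# Root activity columns: console password sign-in and both access keys.
ROOT_TIMESTAMP_COLUMNS = (
    "password_last_used",
    "access_key_1_last_used_date",
    "access_key_2_last_used_date",
)


def parse_timestamp(value):
    """Return an aware datetime, or None for the report's placeholder values."""
    if value in NO_TIMESTAMP:
        return None
    return datetime.fromisoformat(value)


def root_last_activity(report_csv):
    """Most recent root sign-in or access-key use in the report, or None if never."""
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] != "<root_account>":
            continue
        stamps = [parse_timestamp(row[col]) for col in ROOT_TIMESTAMP_COLUMNS]
        stamps = [s for s in stamps if s is not None]
        return max(stamps) if stamps else None
    raise ValueError("credential report has no <root_account> row")


def evaluate_root_usage(report_csv, now=None, max_age_days=90):
    """Return ("PASS" | "FAIL", detail); FAIL when root was active inside the window.

    The 90-day lookback is an assumption made for this example.
    """
    now = now or datetime.now(timezone.utc)
    last = root_last_activity(report_csv)
    if last is None:
        return "PASS", "root credentials have never been used"
    age = now - last
    if age <= timedelta(days=max_age_days):
        return "FAIL", f"root credentials used {age.days} days ago ({last.isoformat()})"
    return "PASS", f"root credentials last used {age.days} days ago ({last.isoformat()})"


def fetch_credential_report():
    """Fetch a live report with boto3 (needs AWS credentials; not run offline)."""
    import boto3  # imported here so the offline parts work without boto3 installed
    iam = boto3.client("iam")
    while iam.generate_credential_report()["State"] != "COMPLETE":
        time.sleep(2)  # report generation is asynchronous
    return iam.get_credential_report()["Content"].decode("utf-8")


if __name__ == "__main__":
    print(evaluate_root_usage(SAMPLE_REPORT, now=DEMO_NOW))
```

Against the constructed report the check fails because the root password was used 17 days before DEMO_NOW; the same function applied to fetch_credential_report() output evaluates a real account. Rows for ordinary IAM users are ignored, and a report with no root row is treated as an error rather than a pass.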

Remediation Steps:

Perform the following to limit use of the IAM root user:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com as the root user.

  2. Navigate to the IAM console.

  3. Step 1: create an IAM group and assign a policy:

    1. In the navigation pane, click Groups and then click Create New Group.

    2. In the Group Name box, type the name of the group.

    3. Click Next Step.

    4. In the list of policies, select the check box for each policy that you want to apply to all members of the group.

    5. Click Next Step.

    6. Click Create Group.

  4. Step 2: add a user to a given group:

    1. In the navigation pane, click Groups.

    2. Select the group to add a user to.

    3. Under Users tab, click Add Users To Group.

    4. Select the users to be added to the group.

    5. Click Add Users.

  5. Step 3: remove direct associations between users and policies:

    1. For each user:

      1. Select the user

      2. Click on the Permissions tab

      3. In the left navigation pane, click on Users

      4. Select the user

      5. Click on the Permissions tab

      6. Expand Permissions Policies

      7. Click the Detach/Delete icon (cross) for all managed and inline policies.
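The same three steps, carried out with the boto3 IAM API instead of the console, as an added example that is not part of the original control text: the group is created with the user's current managed and inline policies, the user is added to it, and the direct attachments are then detached or deleted so the permissions flow only through the group. The user name "alice", group name "Administrators", the inline policy and the FakeIAM class are constructed stand-ins for offline use; with a real client (boto3.client("iam")) the function issues the real API calls.

```python
"""Added example: move a user's direct IAM policies onto a group (Steps 1-3)."""
import json


def _all_pages(method, key, **kwargs):
    """Collect every page of an IAM list_* call (the API truncates long lists)."""
    items, marker = [], None
    while True:
        resp = method(**kwargs, **({"Marker": marker} if marker else {}))
        items.extend(resp[key])
        if not resp.get("IsTruncated"):
            return items
        marker = resp["Marker"]


def move_user_policies_to_group(iam, user_name, group_name):
    """Step 1: create the group with the user's permissions; Step 2: add the user;
    Step 3: remove every policy attached directly to the user."""
    attached = _all_pages(iam.list_attached_user_policies, "AttachedPolicies",
                          UserName=user_name)
    inline_names = _all_pages(iam.list_user_policies, "PolicyNames",
                              UserName=user_name)

    # Step 1: the group receives the same managed and inline policies.
    iam.create_group(GroupName=group_name)
    for policy in attached:
        iam.attach_group_policy(GroupName=group_name, PolicyArn=policy["PolicyArn"])
    for name in inline_names:
        doc = iam.get_user_policy(UserName=user_name, PolicyName=name)["PolicyDocument"]
        iam.put_group_policy(GroupName=group_name, PolicyName=name,
                             PolicyDocument=json.dumps(doc))

    # Step 2: group membership replaces the direct grants.
    iam.add_user_to_group(GroupName=group_name, UserName=user_name)

    # Step 3: detach managed policies and delete inline policies on the user.
    for policy in attached:
        iam.detach_user_policy(UserName=user_name, PolicyArn=policy["PolicyArn"])
    for name in inline_names:
        iam.delete_user_policy(UserName=user_name, PolicyName=name)

    return {"group": group_name,
            "managed_moved": [p["PolicyArn"] for p in attached],
            "inline_moved": list(inline_names)}


class FakeIAM:
    """Constructed offline stand-in for the boto3 IAM client; mimics the
    response shapes of the calls used above and records the resulting state."""

    def __init__(self, managed, inline):
        self.user_managed = list(managed)   # [{"PolicyName", "PolicyArn"}]
        self.user_inline = dict(inline)     # name -> policy document
        self.group_managed, self.group_inline, self.members = [], {}, []

    def list_attached_user_policies(self, UserName):
        return {"AttachedPolicies": list(self.user_managed), "IsTruncated": False}

    def list_user_policies(self, UserName):
        return {"PolicyNames": list(self.user_inline), "IsTruncated": False}

    def get_user_policy(self, UserName, PolicyName):
        return {"PolicyDocument": self.user_inline[PolicyName]}

    def create_group(self, GroupName):
        return {"Group": {"GroupName": GroupName}}

    def attach_group_policy(self, GroupName, PolicyArn):
        self.group_managed.append(PolicyArn)

    def put_group_policy(self, GroupName, PolicyName, PolicyDocument):
        self.group_inline[PolicyName] = json.loads(PolicyDocument)

    def add_user_to_group(self, GroupName, UserName):
        self.members.append(UserName)

    def detach_user_policy(self, UserName, PolicyArn):
        self.user_managed = [p for p in self.user_managed if p["PolicyArn"] != PolicyArn]

    def delete_user_policy(self, UserName, PolicyName):
        del self.user_inline[PolicyName]


def demo():
    """Remediate a constructed user holding one managed and one inline policy."""
    iam = FakeIAM(
        managed=[{"PolicyName": "AdministratorAccess",
                  "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}],
        inline={"s3-read": {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"}]}},
    )
    result = move_user_policies_to_group(iam, "alice", "Administrators")
    return result, iam


if __name__ == "__main__":
    print(demo()[0])
```

The list calls are paged because IAM truncates long policy lists; the user's existing policies are read before any change is made so that nothing is lost if a later call fails part-way. Against a live account the caller's own credentials must be a user or role that is permitted to manage groups and user policies, not the root user the control is meant to retire.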

Important:

  • Changes to account credentials may take up to 4 hours to be reflected in AWS IAM evaluations.

  • To limit use of the fully privileged "root" account, other user accounts should be used to perform specific administrative tasks, with the privileged-rights policies attached only to groups or roles and never directly to individual users.

Reference:

  • CIS reference: CIS Amazon Web Services Foundations Benchmark v1.3.0 - 08-07-2020: Recommendation #1.7

Blue Hexagon Proprietary