Plugin Title Root Account In Use
Cloud AWS
Category IAM
Description Ensures the root account is not being actively used
More Info The root account should not be used for day-to-day account management. IAM users, roles, and groups should be used instead.
AWS Link http://docs.aws.amazon.com/general/latest/gr/root-vs-iam.html
Recommended Action Create IAM users with appropriate group-level permissions for account access. Create an MFA token for the root account, and store its password and token generation QR codes in a secure place.


Detailed Remediation Steps

  1. Log into the AWS Management Console.
  2. Select the "Services" option and search for IAM.
  3. Scroll down the left navigation panel and choose "Credential report". Click on the "Download Report" button to download a report that lists all your account's users and the status of their various credentials.
  4. Open the downloaded credentials report and check the "password_last_used_date" column for the root account. If the timestamp value is recorded within the last 7 days the above credentials have been used to access the AWS account.
  5. Repeat steps number 2 - 4 for other AWS account.
  6. Scroll down the left navigation panel and choose "Users".
  7. Click on the "Add User" button to add new user.
  8. On the "Add User" page provide the "User name" for new IAM user. Under the "Select AWS access Type" select both/either "Programmatic access" and "AWS Management Console access" and choose whether to use an "Autogenerated password" or "Custom Password".
  9. Scroll down the "Add User" page and click on the "Require password reset" so that new IAM user can reset the password at next sign-in.
  10. Click on the "Next: Permissions" button to continue the new IAM user configuration.
  11. On the "Set Permissions" page select the "Administrator Access" policies group to provide the full "AWS Management Console" access to the new IAM user. If such a group doesn't exist click on the "Create Group" button to create a new group with "AdministratorAccess" policies.
  12. Click on the "Next: Tags" button to continue the new IAM user configuration.
  13. Provide the "Key" and "Value" in the "Add tags (optional)" page. Tags can be used to organize, track, or control access for the user. Click on the "Next: Review" button to verify the new IAM user configuration details.
  14. On the "Review" page click on the "Create user" button to create the new user.
  15. To assign MFA to new IAM user click on the "User name" column under the "Users" page.
  16. Click on the "Security Credentials" tab at the menu and check the option for "Assigned MFA device".
  17. Click on the "Manage" option to assign the "MFA device" of the choice. Click on the "Virtual MFA device" and click on "Continue".
  18. Now install the AWS MFA compatible application on mobile device or computer. Once the application is installed click on the "Show QR code" and scan the code with pre-installed application.
  19. Enter two consecutive MFA codes generated from application in "MFA code 1" and "MFA code 2" and click on the "Assign MFA" button.
  20. On successful setup will get the following message "You have successfully assigned virtual MFA".

Want to scan for this risk automatically?

Get Started Now