AWS IAM – Root User best practices

Below are some of the security best practices that should be followed while configuring the root user:

  • MFA should be enabled for the root user account
  • The access/secret keys for the root user account should be destroyed/deleted in order to curtail programmatic access
  • The password for the root user account should be very strong (by following the mentioned password policy)
  • The root user should not be used for any activities other than configuring the account or creating other user accounts/groups
  • The MFA settings should be removed for the root user account if the user leaves the organization. The same applies to the access/secret keys, if any
  • The email associated with the root user account should be changed if the user leaves the organization

 

 
