AWS Organizations member accounts should not have root user credentials when centralized access is enabled

Description

To secure your AWS environment, centrally manage root user credentials and sessions for all accounts in your AWS organization. The root user has unrestricted access to all services and resources. By centralizing the management of root users, you can prevent unauthorized recovery and large-scale access, strengthening the security posture of your organization. After centralized root access is enabled, perform the “Delete root user credentials” action on all member accounts to ensure that centralized access cannot be bypassed. Performing this action deletes all root user access keys, passwords, and signing certificates.

Remediation

For guidance on enabling centralized root credentials management and deleting root user credentials, refer to the “Centralize root access for member accounts” and “Perform a privileged task on an AWS Organizations member account” sections of the AWS Identity and Access Management User Guide.
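
To confirm the remediation took effect, the following added example (not part of the original rule or of AWS documentation) audits each member account's root user through a short-lived AssumeRoot session scoped to the AWS managed `IAMAuditRootUserCredentials` task policy. The function names, the `us-east-1` default, the sample account IDs, and the choice to gate the check on the `RootCredentialsManagement` feature are assumptions of this example.

```python
AUDIT_POLICY = "arn:aws:iam::aws:policy/root-task/IAMAuditRootUserCredentials"
# Constructed sample inventories; the account ids are placeholders.
SAMPLE = {"111111111111": {"password": False, "access_keys": False, "signing_certificates": False},
          "222222222222": {"password": True, "access_keys": False, "signing_certificates": True}}

def evaluate(enabled_features, inventories):
    """Map each failing account id to the root credential types it still has."""
    # Assumption: the rule applies only once RootCredentialsManagement is enabled.
    if "RootCredentialsManagement" not in enabled_features:
        return {}
    found = {a: sorted(k for k, v in inv.items() if v) for a, inv in inventories.items()}
    return {a: kinds for a, kinds in found.items() if kinds}

def collect_inventory(account_id, region="us-east-1"):
    """Audit one member account's root user via a short-lived AssumeRoot session."""
    import boto3  # imported lazily so evaluate() works without the SDK
    from botocore.exceptions import ClientError
    sts = boto3.client("sts", region_name=region,  # AssumeRoot needs a regional endpoint
                       endpoint_url=f"https://sts.{region}.amazonaws.com")
    c = sts.assume_root(TargetPrincipal=account_id,
                        TaskPolicyArn={"arn": AUDIT_POLICY})["Credentials"]
    iam = boto3.client("iam", aws_access_key_id=c["AccessKeyId"],
                       aws_secret_access_key=c["SecretAccessKey"],
                       aws_session_token=c["SessionToken"])
    try:
        iam.get_login_profile()  # no UserName: the root user of this session
        has_password = True
    except ClientError as err:
        if err.response["Error"]["Code"] != "NoSuchEntity":
            raise
        has_password = False
    return {
        "password": has_password,
        "access_keys": bool(iam.list_access_keys()["AccessKeyMetadata"]),
        "signing_certificates": bool(iam.list_signing_certificates()["Certificates"]),
    }

def audit_organization():
    """Run with management-account or IAM delegated-administrator credentials."""
    import boto3
    org = boto3.client("organizations")
    features = boto3.client("iam").list_organizations_features()["EnabledFeatures"]
    mgmt = org.describe_organization()["Organization"]["MasterAccountId"]
    inventories = {}
    for page in org.get_paginator("list_accounts").paginate():
        for acct in page["Accounts"]:
            if acct["Id"] != mgmt and acct["Status"] == "ACTIVE":
                inventories[acct["Id"]] = collect_inventory(acct["Id"])
    return evaluate(features, inventories)
```

An empty result from `audit_organization()` means either that no member account retains root credentials or that centralized management is not enabled, so check the enabled features separately when interpreting it.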