Stop using your AWS Account root user

Recommended settings for root user

Because it’s critical to keep the root user safe and out of reach of malicious users, there are a few things you can do to increase its security.

  • Do not create access keys for the root user. Create an IAM user for yourself with administrative permissions.
  • Never share the root user credentials.
  • Use a strong password. (Use a password manager if possible)
  • Enable multi-factor authentication.

When should you use the root user?

To handle day-to-day tasks and access to AWS resources, you should use an IAM user with the appropriate permissions, following the Principle of Least Privilege (POLP). Reserve the root user for the tasks that require it, such as:

  • Updating the account name
  • Changing credentials for the account
  • Restoring IAM user permissions (only when a single IAM administrator revokes their own permission)
  • Closing your AWS account

Create an Administrator IAM user for yourself

It is very simple to set up an IAM user for yourself in the AWS console and start working in your account.

  1. Log in to your AWS Account using your root user credentials (this should be the last time you’re using it unless you are doing one of the tasks restricted to the root user).
  2. Go to the IAM service.
  3. In the Users section, press Add User.
  4. Enter administrator as the username
  5. Select Programmatic access and AWS Management Console access for Access Types.
  6. Enter a strong password.
  7. Uncheck the box that requires a password reset and click Next.
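To confirm that the root user matches the recommended settings above, and that it really has stopped being used once the administrator user exists, you can audit the account's IAM credential report. The script below is an added example, not part of the original article; the sample report, account ID, dates and the 30-day threshold are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# A real report is produced with the AWS CLI:
#   aws iam generate-credential-report
#   aws iam get-credential-report --query Content --output text | base64 -d
# Constructed sample in the report's column layout, trimmed to the columns
# used here; the account ID and timestamps are made up.
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,2024-05-28T09:14:02+00:00,false,true,false
administrator,arn:aws:iam::111122223333:user/administrator,true,2024-06-01T08:00:00+00:00,true,true,false
"""

def audit_root(report_csv, now, max_idle_days=30):
    """Return a list of findings for the <root_account> row of a credential report."""
    rows = {r["user"]: r for r in csv.DictReader(io.StringIO(report_csv))}
    root = rows.get("<root_account>")
    if root is None:
        return ["no <root_account> row found; is this a credential report?"]
    findings = []
    # Recommendation: do not create access keys for the root user.
    if "true" in (root["access_key_1_active"], root["access_key_2_active"]):
        findings.append("root has an active access key")
    # Recommendation: enable multi-factor authentication.
    if root["mfa_active"] != "true":
        findings.append("root has no MFA device")
    # Root should be idle outside the few tasks that require it.
    last_used = root["password_last_used"]
    if last_used not in ("no_information", "N/A"):
        age = now - datetime.fromisoformat(last_used)
        if age < timedelta(days=max_idle_days):
            findings.append(f"root signed in to the console {age.days} days ago")
    return findings

if __name__ == "__main__":
    for finding in audit_root(SAMPLE_REPORT, datetime.now(timezone.utc)):
        print("FINDING:", finding)
```

An empty result means the root row shows no active access keys, MFA enabled, and no console sign-in within the threshold.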

Conclusion

Using your root user account for everyday tasks may be putting you at risk of an attack. By following a few simple steps, you can reduce your attack exposure while still being able to do everything that you need in your account.

Andres Moreno

Passionate software engineer focused on cloud development.