I’ve seen environments where a single compromised root access key brought an entire AWS account to its knees. That’s not a drill. That’s game over for your cloud infrastructure.
The root user is a loaded gun. It has unlimited power. Giving it access keys is like leaving that loaded gun on the coffee table for anyone to grab. It’s an unnecessary, critical vulnerability that far too many organizations still overlook. This isn’t just about best practice; it’s about survival.
Delete all access keys for your AWS root account. Period. If you’re still using them, you’re doing it wrong. Migrate any required root operations to an IAM user with appropriate permissions and MFA.
Here’s how to check and then delete them:
# Run these with the root user's own credentials. The root account is not an IAM user, so "--user-name root" would look for an IAM user literally named "root"; omit the flag and the calls act on the caller's (root's) keys.
aws iam list-access-keys
aws iam delete-access-key --access-key-id <key_id>
This is a fundamental step in securing your cloud. If you’re not doing this, you’re leaving the front door wide open.
The fix
# Audit from any principal with iam:GetAccountSummary: a non-zero value means root still has keys
aws iam get-account-summary --query 'SummaryMap.AccountAccessKeysPresent'
# List root access keys (run as the root user; no --user-name, since root is not an IAM user)
aws iam list-access-keys
# Delete if any exist
aws iam delete-access-key --access-key-id <key_id>
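To audit this at scale rather than one account at a time, the IAM credential report lists the root row as <root_account> with per-key active flags. The script below is an added example, not part of the original post: it parses a constructed report (a subset of the real columns) and flags active root keys and missing root MFA.

```python
"""Check an IAM credential report for root access keys (CIS AWS Foundations 1.4).

Fetch a real report with:
  aws iam generate-credential-report
  aws iam get-credential-report --query Content --output text | base64 -d > report.csv
"""
import csv
import io

# Constructed sample (not real account data), trimmed to the columns used here.
# Root has one active access key and no MFA; the IAM user alice is fine.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service
<root_account>,arn:aws:iam::111122223333:root,2020-01-01T00:00:00+00:00,not_supported,2024-05-01T10:00:00+00:00,not_supported,not_supported,false,true,2020-01-01T00:00:00+00:00,2024-04-30T09:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A
alice,arn:aws:iam::111122223333:user/alice,2021-06-01T00:00:00+00:00,true,2024-05-01T08:00:00+00:00,2024-01-01T00:00:00+00:00,2024-04-01T00:00:00+00:00,true,true,2024-01-01T00:00:00+00:00,2024-05-01T08:00:00+00:00,us-east-1,iam,false,N/A,N/A,N/A,N/A
"""


def root_key_findings(report_csv: str) -> dict:
    """Return the root row's access-key and MFA status as a findings dict."""
    rows = csv.DictReader(io.StringIO(report_csv))
    root = next((r for r in rows if r["user"] == "<root_account>"), None)
    if root is None:
        raise ValueError("credential report has no <root_account> row")
    # Each key slot reports its own active flag; either one being true fails CIS 1.4.
    active = [
        slot for slot in ("access_key_1", "access_key_2")
        if root[f"{slot}_active"] == "true"
    ]
    return {
        "active_root_keys": active,
        # Last-use dates tell you whether anything still depends on the key before you delete it.
        "last_used": {s: root[f"{s}_last_used_date"] for s in active},
        "mfa_active": root["mfa_active"] == "true",
        "cis_1_4_pass": not active,
    }


if __name__ == "__main__":
    findings = root_key_findings(SAMPLE_REPORT)
    print("CIS 1.4:", "PASS" if findings["cis_1_4_pass"] else "FAIL", findings)
```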
Reference: CIS AWS Foundations Benchmark 1.4