Eliminate use of the 'root' user for administrative and daily tasks

It is strongly recommended not to use the 'root' account. The root account is the most privileged identity in an AWS account; it has unrestricted access to all resources in the account. Minimize the use of this account and adopt the principle of least privilege to reduce the risk of accidental changes and unintended disclosure of highly privileged credentials. Note: Government cloud accounts do not have a root user, so this rule should be excluded for them in the CloudGuard UI -> Posture Management -> Exclusions -> Create New Exclusion (for each relevant ruleset).

Risk Level: High
Cloud Entity: IAM User
CloudGuard Rule ID: D9.AWS.IAM.01
Covered by Spectral: No
Category: Security, Identity, & Compliance

GSL LOGIC

IamUser where name regexMatch /^<root_account>$/i should not have passwordLastUsed after(-90, 'days')
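The GSL condition above flags the root user when its password was last used within the past 90 days. The following script is an added example (not CloudGuard's code) that evaluates the same condition against an IAM credential report. It assumes the report is the CSV returned by `aws iam get-credential-report`, in which the root user appears as `<root_account>` and `password_last_used` is either an ISO-8601 timestamp or a placeholder such as `no_information` or `N/A`; the sample report embedded in the script is constructed for illustration.

```python
"""Added example: check the root account's last console sign-in against a
90-day window, mirroring the rule's GSL logic.

Assumptions (not from the page): input is the AWS IAM credential report CSV,
where the root user is named `<root_account>` and `password_last_used` holds
an ISO-8601 timestamp or a placeholder (`no_information`, `N/A`).
"""
import csv
import io
import re
from datetime import datetime, timedelta, timezone

# Same pattern as the rule's regexMatch: /^<root_account>$/i
ROOT_NAME = re.compile(r"^<root_account>$", re.IGNORECASE)

# Constructed sample credential report (subset of the real report's columns).
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed
<root_account>,arn:aws:iam::123456789012:root,2020-01-15T10:00:00+00:00,not_supported,2024-05-20T08:30:00+00:00,not_supported
alice,arn:aws:iam::123456789012:user/alice,2021-03-01T09:00:00+00:00,true,2024-06-01T12:00:00+00:00,2024-01-10T00:00:00+00:00
deploy-bot,arn:aws:iam::123456789012:user/deploy-bot,2022-07-07T07:07:07+00:00,false,N/A,N/A
"""


def parse_timestamp(value):
    """Return an aware datetime for an ISO-8601 value, or None for placeholders."""
    try:
        return datetime.fromisoformat(value.strip().replace("Z", "+00:00"))
    except ValueError:
        return None


def root_password_last_used(report_csv):
    """Return the root user's password_last_used as a datetime, or None."""
    for row in csv.DictReader(io.StringIO(report_csv)):
        if ROOT_NAME.match(row["user"]):
            return parse_timestamp(row["password_last_used"])
    return None


def root_used_recently(report_csv, days=90, now=None):
    """True when the rule would fail: root signed in within the last `days` days.

    `now` is injectable so the check is deterministic; it defaults to the
    current UTC time when omitted.
    """
    now = now or datetime.now(timezone.utc)
    last_used = root_password_last_used(report_csv)
    if last_used is None:
        # No recorded sign-in (or placeholder value): the rule passes.
        return False
    return last_used > now - timedelta(days=days)


def evaluate(report_csv, days=90, now=None):
    """Return a short finding string suitable for a report or alert."""
    last_used = root_password_last_used(report_csv)
    if root_used_recently(report_csv, days, now):
        return f"FAIL: root password used on {last_used.isoformat()} (within {days} days)"
    return f"PASS: no root console sign-in within the last {days} days"


if __name__ == "__main__":
    # Evaluate the constructed report at a fixed reference date.
    print(evaluate(SAMPLE_REPORT, now=datetime(2024, 6, 15, tzinfo=timezone.utc)))
```

In production the same functions run over the live report (`aws iam get-credential-report` returns it base64-encoded); root console sign-ins also appear in CloudTrail as ConsoleLogin events with a root user identity, which gives a second signal for alerting rather than only a periodic posture check.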

REMEDIATION

We recommend that the root account not be used and that its credentials not be shared with anyone else. As a best practice, customers should use IAM Groups, Roles and Users to grant access to specific AWS resources.

References

  1. Follow IAM Best Practices at the following link: http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

IAM User

An IAM user is an entity that you create in AWS to represent the person or service that uses it to interact with AWS. A user in AWS consists of a name and credentials.

Compliance Frameworks

  • AWS CIS Controls V 8
  • AWS CIS Foundations v. 1.0.0
  • AWS CIS Foundations v. 1.1.0
  • AWS CIS Foundations v. 1.2.0
  • AWS CIS Foundations v. 1.3.0
  • AWS CIS Foundations v. 1.4.0
  • AWS CIS Foundations v. 1.5.0
  • AWS CIS Foundations v. 2.0.0
  • AWS CSA CCM v.3.0.1
  • AWS CSA CCM v.4.0.1
  • AWS CloudGuard Best Practices
  • AWS CloudGuard SOC2 based on AICPA TSC 2017
  • AWS CloudGuard Well Architected Framework
  • AWS Dashboard System Ruleset
  • AWS GDPR Readiness
  • AWS HIPAA
  • AWS HITRUST
  • AWS HITRUST v11.0.0
  • AWS ISO 27001:2013
  • AWS ISO27001:2022
  • AWS ITSG-33
  • AWS LGPD regulation
  • AWS MAS TRM Framework
  • AWS MITRE ATT&CK Framework v10
  • AWS MITRE ATT&CK Framework v11.3
  • AWS NIST 800-171
  • AWS NIST 800-53 Rev 4
  • AWS NIST 800-53 Rev 5
  • AWS NIST CSF v1.1
  • AWS PCI-DSS 3.2
  • AWS PCI-DSS 4.0
  • AWS Security Risk Management
  • CloudGuard AWS All Rules Ruleset
  • CloudGuard AWS Dashboards
  • CloudGuard AWS Default Ruleset