Access keys granting 'root' should be removed

iam
Esta página aún no está disponible en español. Estamos trabajando en su traducción.
Si tienes alguna pregunta o comentario sobre nuestro actual proyecto de traducción, no dudes en ponerte en contacto con nosotros.

Description

The root account is the most privileged user in an AWS account, and AWS Access Keys provide programmatic access to this account. Datadog recommends that you remove all access keys associated with the root account to enhance security. Removing these keys limits the vectors by which the account can be compromised and encourages the creation and use of role-based accounts that adhere to the principle of least privilege. Note that the root IAM User account for GovCloud (US) regions is not enabled by default. However, upon request, AWS support has the ability to enable root access solely via access keys (CLI, API methods) for regions within the AWS GovCloud.

Remediation

For instructions on removing access keys from the root account, refer to Managing Access Keys for Your AWS Account Root User.