Access keys granting 'root' should be removed

iam
이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Description

The root account is the most privileged user in an AWS account, and AWS Access Keys provide programmatic access to this account. Datadog recommends that you remove all access keys associated with the root account to enhance security. Removing these keys limits the vectors by which the account can be compromised and encourages the creation and use of role-based accounts that adhere to the principle of least privilege. Note that the root IAM User account for GovCloud (US) regions is not enabled by default. However, upon request, AWS support has the ability to enable root access solely via access keys (CLI, API methods) for regions within the AWS GovCloud.

Remediation

For instructions on removing access keys from the root account, refer to Managing Access Keys for Your AWS Account Root User.