The 'root' account should not be used for daily tasks

문서 > Datadog 보안 > OOTB Rules > The 'root' account should not be used for daily tasks

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Description

With the creation of an AWS account, a root user is established that cannot be disabled or deleted. This user has unrestricted access to and control over all resources in the account. Datadog highly recommends that you avoid using this account for everyday tasks to adhere to security best practices.

The root user’s unrestricted access is inconsistent with the principles of least privilege and separation of duties, which can lead to unnecessary harm due to errors or account compromise. In GovCloud (US) regions, the root user is not enabled by default but can be enabled upon request with access granted only through access-keys (CLI, API methods).

Remediation

For instructions on managing the root user account to prevent it from being used for daily activities, refer to AWS Best Practices for Managing Root User Access.