AWS Organizations centralized root access management should be fully enabled

Description

AWS Organizations should have both centralized root access management features fully enabled: root sessions and root credentials management. Together, these features ensure that sts:AssumeRoot permissions are enforced exclusively through the management account, providing centralized control over root user sessions and the ability to remove long-term root credentials from member accounts. Without both features enabled, root access cannot be fully governed through permission boundaries and organizational policies.

Remediation

Enable both centralized root access management features for the organization. From the management account, enable “Root sessions” to allow centralized root access via sts:AssumeRoot, and enable “Root credentials management” to remove and manage root credentials across member accounts. For guidance, refer to Centralize root access for member accounts.
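
The check described above, as an added example (not code from this page or from AWS): it evaluates the response of the IAM ListOrganizationsFeatures API and fails unless both features are present, so a partially enabled organization is flagged together with the CLI command for each missing feature. The function names and the sample responses are constructed for illustration; it assumes the response carries OrganizationId and an EnabledFeatures list with the values RootSessions and RootCredentialsManagement.

```python
"""Check that both centralized root access features are enabled (added example)."""
import json

# Feature names as returned in EnabledFeatures by IAM ListOrganizationsFeatures,
# mapped to the AWS CLI command that enables each one from the management account.
REQUIRED = {
    "RootSessions": "aws iam enable-organizations-root-sessions",
    "RootCredentialsManagement": "aws iam enable-organizations-root-credentials-management",
}


def evaluate(response):
    """Turn one ListOrganizationsFeatures response into a pass/fail finding."""
    enabled = set(response.get("EnabledFeatures") or [])
    missing = sorted(set(REQUIRED) - enabled)
    return {
        "organization_id": response.get("OrganizationId", "unknown"),
        "status": "FAIL" if missing else "PASS",
        "missing": missing,
        "remediation": [REQUIRED[name] for name in missing],
    }


def fetch_live():
    """Call the real API; needs boto3 and management-account credentials."""
    import boto3  # imported lazily so the offline samples run without it
    return boto3.client("iam").list_organizations_features()


# Constructed sample responses (placeholder organization IDs, not real output).
SAMPLES = {
    "both": {"OrganizationId": "o-exampleorg01",
             "EnabledFeatures": ["RootSessions", "RootCredentialsManagement"]},
    "sessions_only": {"OrganizationId": "o-exampleorg02",
                      "EnabledFeatures": ["RootSessions"]},
    "none": {"OrganizationId": "o-exampleorg03", "EnabledFeatures": []},
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(name, json.dumps(evaluate(sample), indent=2))
```

To check a real organization, pass the result of `fetch_live()` to `evaluate()` while using management-account credentials.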