Aws Root Access Keys
Description
Detects if the AWS root account has any active access keys. The root account has unrestricted access to all AWS resources, so having active access keys associated with it poses a significant security risk as these credentials could be exposed or misused.
Detection Strategy
• Checks the AWS IAM credential report for the root user account
• Reports a vulnerability if either access_key_1 or access_key_2 is active for the root account
• Best practice is to not have any active access keys for the root account - instead create IAM users with appropriate permissions
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan.If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.