Benchmark: BP02 Secure account root user and properties
Description
The root user is the most privileged user in an AWS account, with full administrative access to all resources within the account, and in some cases cannot be constrained by security policies. Disabling programmatic access to the root user, establishing appropriate controls for the root user, and avoiding routine use of the root user helps reduce the risk of inadvertent exposure of the root credentials and subsequent compromise of the cloud environment.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-well-architected
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select BP02 Secure account root user and properties.
Run this benchmark in your terminal:
powerpipe benchmark run aws_well_architected.benchmark.well_architected_framework_sec01_bp02
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_well_architected.benchmark.well_architected_framework_sec01_bp02 --share
Controls
- IAM root user hardware MFA should be enabled
- IAM root user MFA should be enabled
- IAM root user should not have access keys