AWS-003 Amazon Web Services (AWS)

Root account is not used for day-to-day activity.


Domain: Amazon Web Services (AWS)
Area: Account / Root
Automated / manual: Automated

Risk if it fails

Routine root use widens exposure and defeats least-privilege.

Every time root logs in, its credentials and session can be stolen. Frequent use means more chances for an attacker to capture the most powerful identity in the account.

How Tess tests it

1 test — each concludes only on cited evidence.

Root account is not used for day-to-day activity.

Automated
Procedure
Review CloudTrail for root sign-in / API events in the last 90 days; expect only break-glass use.

Read-only command

aws cloudtrail lookup-events --lookup-attributes AttributeKey=Username,AttributeValue=root --max-results 50
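
One way to triage the JSON output of the command above, as an added example (not Tess's own logic): it keeps only events whose userIdentity.type is Root, since the Username=root filter also matches an IAM user named "root", and flags more active days than a break-glass threshold. The sample events, the function names and the max_active_days threshold are assumptions constructed for illustration.

```python
import json
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of `aws cloudtrail lookup-events` JSON output.
def _evt(time, name, id_type, ip):
    detail = {"eventName": name, "sourceIPAddress": ip, "userIdentity": {"type": id_type}}
    return {"EventTime": time, "EventName": name, "Username": "root",
            "CloudTrailEvent": json.dumps(detail)}

SAMPLE = {"Events": [
    _evt("2024-05-02T09:14:00+00:00", "ConsoleLogin", "Root", "198.51.100.7"),
    _evt("2024-05-02T09:20:00+00:00", "CreateAccessKey", "Root", "198.51.100.7"),
    _evt("2024-05-20T16:01:00+00:00", "ConsoleLogin", "Root", "203.0.113.9"),
    _evt("2024-05-21T08:30:00+00:00", "PutBucketPolicy", "IAMUser", "203.0.113.9"),  # IAM user named "root"
    _evt("2024-01-03T11:00:00+00:00", "ConsoleLogin", "Root", "198.51.100.7"),  # outside the window
]}

def _parse_time(value):
    # CLI output carries either an ISO 8601 string or epoch seconds.
    if isinstance(value, (int, float)):
        return datetime.fromtimestamp(value, tz=timezone.utc)
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def summarize_root_activity(lookup_output, now, window_days=90, max_active_days=1):
    """Summarise genuine root events; max_active_days is an assumed break-glass threshold."""
    cutoff = now - timedelta(days=window_days)
    days, names, ips = set(), Counter(), set()
    for event in lookup_output.get("Events", []):
        when = _parse_time(event["EventTime"])
        detail = json.loads(event.get("CloudTrailEvent") or "{}")
        # Username=root also matches an IAM user called "root"; keep real root only.
        if detail.get("userIdentity", {}).get("type") != "Root" or when < cutoff:
            continue
        days.add(when.date().isoformat())
        names[detail.get("eventName", event.get("EventName"))] += 1
        ips.add(detail.get("sourceIPAddress", "unknown"))
    return {"active_days": sorted(days), "events": dict(names), "source_ips": sorted(ips),
            "needs_review": len(days) > max_active_days}

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed date so the sample is reproducible
    print(json.dumps(summarize_root_activity(SAMPLE, now), indent=2))
```

To run it on real evidence, save the command's output with `--output json` and pass the parsed file in place of SAMPLE, with `datetime.now(timezone.utc)` as `now`.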
