How to resolve Sprinto check to avoid using AWS IAM "root" accounts
About
Sprinto check: AWS root account usage should be avoided
This Sprinto check verifies that the AWS root account is not being used for regular administrative tasks or resource management activities within your AWS environment. The check starts failing if any IAM root user on the AWS account has been used within the last 90 days.
Purpose
The purpose of this check is to ensure that the AWS root account, which has complete and unrestricted access to all resources and services in your AWS environment, is used only for a limited set of tasks and is not used for day-to-day operations.
How to fix
Follow the steps below to fix the Sprinto check:
Before you begin
Ensure you have administrator privileges on the AWS account to review the users' access.
Review the IAM Root account usage:
Log in to the AWS Console using your credentials.
Navigate to the AWS IAM service.
Click Credential Report under the Access Reports category.
Click Download credentials report.
Open the downloaded report.
If the Password_enabled parameter is set to "N/A," "no_information," or "not_supported," the check status will be updated to Passing. If the value is True, then the following three parameters will be evaluated based on the specified conditions:
Parameter | Condition | Check Status
Password_enabled | True | Passing
access_key_1_last_used_date | Last used equal or more than 90 days | Passing
access_key_2_last_used_date | Last used equal or more than 90 days | Passing
password_last_used | Last used equal or more than 90 days | Passing
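The evaluation described above, as an added example (not Sprinto's own code): it applies the listed conditions to the `<root_account>` row of a downloaded credential report and names the fields that would make the check fail. The sample CSV is constructed and trimmed to the columns used; treating "N/A" or "no_information" dates as never used, and evaluating the dates for any other password_enabled value, are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

NO_VALUE = {"N/A", "no_information", "not_supported"}
DATE_FIELDS = ("password_last_used", "access_key_1_last_used_date",
               "access_key_2_last_used_date")
THRESHOLD = timedelta(days=90)
HEADER = "user,arn,password_enabled," + ",".join(DATE_FIELDS)

# Constructed sample, trimmed to the columns used (a real report has more).
SAMPLE_REPORT = "\n".join([
    HEADER,
    "<root_account>,arn:aws:iam::123456789012:root,true,"
    "2024-05-20T09:30:00+00:00,2024-01-01T00:00:00+00:00,N/A",
    "alice,arn:aws:iam::123456789012:user/alice,true,"
    "2024-05-30T12:00:00+00:00,N/A,N/A",
])


def evaluate_root(report_csv, now):
    """Return (status, reasons) for the <root_account> row of the report."""
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] != "<root_account>":
            continue  # only the root row matters for this check
        if row["password_enabled"] in NO_VALUE:
            return "Passing", []
        reasons = []
        for field in DATE_FIELDS:
            value = row[field]
            if value in NO_VALUE:  # assumption: never used, so nothing to flag
                continue
            age = now - datetime.fromisoformat(value)
            if age < THRESHOLD:  # exactly 90 days or more passes
                reasons.append(f"{field}: used {age.days} days ago")
        return ("Failing" if reasons else "Passing"), reasons
    raise ValueError("no <root_account> row in credential report")


if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed for repeatability
    status, reasons = evaluate_root(SAMPLE_REPORT, now)
    print(status, reasons)
```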
If you have accessed any root account in the last 90 days for any reason, and your organization is approaching its compliance audit, you can mark the above Sprinto check as a special case. Refer to "Mark Sprinto's check as a special case" for detailed instructions.
Note: Ensure you precisely describe the reason for accessing the root account when marking the check as a special case.
Once the root account has been used recently or deleted, Sprinto detects the configuration change and sets the check status to "Passing."
Support
Contact Sprinto support if you have any queries related to the check or need assistance.