Clouds With Active Root Account
This bot inspects all configured cloud accounts for the presence of a global root account. This is a shared account which cloud providers such as Amazon Web Services discourage using. Keeping this account enabled introduces security and auditing risks as it is typically shared amongst multiple stakeholders in the organization.
Recommended Action
Leverage services such as Amazon’s Identity and Access Management for access to the console and API. Revoke the root credentials, or at a minimum enable MFA (multi-factor authentication) on the root account to mitigate it from compromise via brute force attacks.
Severity
High
Resource Types Inspected
Organization Services (Cloud Accounts)
Reactive Hookpoints
resource.modified