Clouds Without Protected Root Account

This bot inspects all configured cloud accounts for the presence of a global root account without MFA (multi-factor authentication) enabled. This is a shared account which cloud providers such as Amazon Web Services discourage using. Keeping this account enabled without MFA introduces security and compliance risks.

Recommended Action

Leverage services such as Amazon’s Identity and Access Management for access to the console and API. Revoke the root credentials, or at a minimum enable MFA (multi-factor authentication) on the root account to mitigate it from compromise via brute force attacks.

Severity

High

Resource Types Inspected

Organization Services (Cloud Accounts)

Reactive Hookpoints

resource.modified