Help Center/ Config/ User Guide/ Resource Compliance/ Built-In Policies/ Identity and Access Management/ The Root User Should Not Have Available Access Keys
Updated on 2025-08-25 GMT+08:00

The Root User Should Not Have Available Access Keys

Rule Details

Table 1 Rule details

Parameter

Description

Rule Name

iam-root-access-key-check

Identifier

iam-root-access-key-check

Description

If the root user access key is available, the account is non-compliant.

Tag

iam

Trigger Type

Periodic

Filter Type

Account

Rule Parameters

None

Application Scenarios

To enhance account security, you are advised to only use the password to log in to the console. Do not create access keys for your root user.

Solution

You can delete or disable access keys for the root user. For more details, see Managing Access Keys for an IAM User.

Rule Logic

  • If a root user does not have an enabled access key, the account is compliant.
  • If a root user has an enabled access key, the account is non-compliant.