Control: AWS > PCI v3.2.1 > IAM > 1 IAM root user access key should not exist

This control checks whether user access keys exist for the root user.

Remediation

To delete access keys

1. Log in to your account using the root user credentials. 2. Choose the account name near the top-right corner of the page and then choose My Security Credentials. 3. In the pop-up warning, choose Continue to Security Credentials. 4. Choose Access keys (access key ID and secret access key). 5. To permanently delete the key, choose Delete and then choose Yes. You cannot recover deleted keys. 6. If there is more than one root user access key, then repeat steps 4 and 5 for each key.

PCI requirement(s): 2.1, 2.2, 7.2.1

Resource Types

This control targets the following resource types:

AWS > IAM > Account Summary

Policies

This control type relies on these other policies when running actions:

AWS > PCI v3.2.1

In Your Workspace

Developers

Control Type URI

tmod:@turbot/aws-pciv3-2-1#/control/types/iamRootUserNoAccessKeys

Category URI

tmod:@turbot/turbot#/control/categories/compliancePci

GraphQL

query controlType(id: "tmod:@turbot/aws-pciv3-2-1#/control/types/iamRootUserNoAccessKeys") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/aws-pciv3-2-1#/control/types/iamRootUserNoAccessKeys'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-pciv3-2-1#/control/types/iamRootUserNoAccessKeys"