Profile Applicability: Level 1


The "root" account has unrestricted access to all resources in the AWS account. It is highly recommended that the use of this account be avoided.


The "root" account is the most privileged AWS account. Minimizing the use of this account and adopting the principle of least privilege for access management will reduce the risk of accidental changes and unintended disclosure of highly privileged credentials. As 


Implement the Ensure a log metric filter and alarm exist for usage of "root" account recommendation in the Monitoring section of this benchmark to receive notifications of root account usage.

Note: there are a few conditions under which the use of the root account is required, such as requesting a penetration test or creating a CloudFront private key.


Follow the remediation instructions of the Ensure IAM policies are attached only to groups or roles recommendation

We can also check the Users section to identify root users, by selecting the security credentials tab in IAM services:



2. CIS CSC v6.0 #5.1

CIS Controls:

4.3 Ensure the Use of Dedicated Administrative Accounts

Ensure that all users with administrative account access use a dedicated or secondary account for elevated activities. This account should only be used for administrative activities and not internet browsing, email, or similar activities