https://avd.aquasec.com/misconfig/aws/iam/root-account-active-signing-certificates/