Aqua CSPM

Root Account Active Signing Certificates

Quick Info

Plugin TitleRoot Account Active Signing Certificates
CloudAWS
CategoryIAM
DescriptionEnsures the root user is not using x509 signing certificates
More InfoAWS supports using x509 signing certificates for API access, but these should not be attached to the root user, which has full access to the account.
AWS Linkhttps://docs.aws.amazon.com/whitepapers/latest/aws-overview-security-processes/x.509-certificates.html
Recommended ActionDelete the x509 certificates associated with the root account.

Detailed Remediation Steps