AWS > IAM >

Root Account Active Signing Certificates

LOW

Source

CloudSploit

root-account-active-signing-certificates

management console

Root Account Active Signing Certificates

Ensures the root user is not using x509 signing certificates

AWS supports using x509 signing certificates for API access, but these should not be attached to the root user, which has full access to the account.

Recommended Actions

Delete the x509 certificates associated with the root account.

Links

https://docs.aws.amazon.com/whitepapers/latest/aws-overview-security-processes/x.509-certificates.html

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.