Root Account — AWS Solution Architect Associate Series — Part 4

The root account is the most authorized user used when entering the AWS management interface. It has almost every type of permission on the platform, making it a crucial user. Ensuring the security of this important user against future risks is vital. Therefore, when logging in for the first time, it is essential to make the most of applications such as multifactor authentication (MFA) instead of traditional methods (even OTP can be integrated for MFA).

The value generated with special apps used on mobile devices for “one-time use” entry into applications is called Virtual MFA.

There are two different credential stages for the root user. You can log in to the AWS Management Console on AWS with your email and password. The other type of credential is called an “Access key,” which directs you to the AWS CLI or API where programmatic requests are made.

The Access Key consists of two parts. You can see an example of an Access Key in the visual below:

At this point, there is important information provided by AWS. AWS states:

“If you don’t have an Access Key and don’t need it, do not create one until you need it. If you have an Access Key and are not using it, you should delete it.”

“You can follow the steps below to delete:

1. After logging in, hover over your user in the upper right corner. Click on the ‘my security’ option from the menu that drops down. Enter your root user information.
2. Open the Access Key menu.
3. Perform the ‘Actions’ and then ‘Delete’ operation for the relevant Access Key.
4. Click on the ‘yes’ option from the prompt that appears.

When creating MFA, using a combination of three functions is advisable.

1. Something you know (Username, Password, etc.)
2. Something you have (OTP, Mobile Device, Hardware, etc.)
3. Something you are (Fingerprint, Retina, Face, etc.)

If you use these three in a combined manner, you will significantly enhance your security level.

As mentioned earlier, MFA can take different forms. For example;

• Virtual MFA (Authenticator Apps, LastPass, Symantec VIP, etc.)
• Hardware TOPT (Key fob, Display card)
• FIDO Security Keys (Provided by third-party companies, this is a USB device that becomes active when plugged into your device’s USB port. It is essential for it to be FIDO certified.)”

The next topic will be about AWS “IAM” module.