- Root Account Should Not Have Access Keys
Root account has full permissions across the entire account. Root account should not have access keys. Also, it certainly shouldn’t access any service. Instead, create IAM users with predefined roles.
CBP, PCIDSS, SOC2, CIS, ISO27001, HIPAA