Certified Security - Specialty

Sign Up Free or Log In to participate!

IAM Root Users lecture – Deleting root access key

Don’t you need to ensure no services use the access key before deleting it?

Nikka Zanandrea

I guess that you should’t use your root access key for the other services, but create other users instead.

3 Answers

Nikka is spot on.
The only tasks you should do with the root account is restricted account tasks.
For everything you should have one or more Admin/User/Service accounts with the least rights needed for the suite of tasks.


Yes, you should check the last usage. You can also use CloudTrail to identify where that key is being used.

Also, you can just deactivate the key, as a first step. Leave it for a short period and see if anything breaks. I’ve had similar before, e.g. a DBA had configured his user key to do automated tasks. When he left and his account was deleted (not by me), things broke.

I personally prefer to disable for a period, then delete when no one screams.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?