Root has signed in

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk level: High (not acceptable risk)
Rule ID: RTM-001

Cloud Conformity Real-Time Threat Monitoring and Analysis (RTMA) engine detected an AWS root account authentication session.

This rule can help you with the following compliance standards:

  • PCI
  • APRA
  • MAS
  • NIST4

For further details on compliance standards supported by Conformity, see here.

This rule can help you work with the AWS Well-Architected Framework.

This rule resolution is part of the Conformity Real-Time Threat Monitoring.


When you sign up for Amazon Web Services, you provide login information (an email address and a password) that is associated with your AWS account. This combination of email address and password represents your AWS root account and its credentials allow complete access to all your AWS services and resources.

Cloud Conformity strongly recommends that you avoid using the AWS root user for your everyday tasks or even for the administrative ones. With Cloud Conformity RTMA root logon detection you will gain real-time visibility into your AWS root account login activity and help you respond fast to any unauthorized access sessions or potential security breaches.


Monitoring your root login activity is crucial for keeping your Amazon Web Services account safe. Since the root user acts like a superuser, anyone who has your root credentials can gain unrestricted access to all the resources and services within your AWS environment, including billing information and the ability to change the root password.

The most effective way to reduce the risk of unauthorized access to your AWS account is to avoid sharing the root credentials with other members within your organization and stop using them for everyday access. Instead, the best practice is to provide access to your AWS services and resources through individual IAM users (managed by IAM groups) or programmatically through IAM roles. Using individual IAM users and roles (with specific set of permissions) will eliminate the risk of compromising your root account credentials.

Ideally, the root user will be used only to create an administrator, basically an IAM user with full permissions to your AWS account. And this administrator user should be utilized to create and configure other IAM users and roles with limited permissions that implement the principle of least privilege (i.e. the practice of providing every IAM user the minimal amount of access required to perform its tasks).


Publication date May 24, 2017

Unlock the Remediation Steps

Free 30-day Trial

Automatically audit your configurations with Conformity
and gain access to our cloud security platform.

Confirmity Cloud Platform

No thanks, back to article

You are auditing:

Root has signed in

Risk level: High