Centrally manage root access in AWS Identity and Access Management (IAM)

Posted on: Nov 15, 2024

Today, AWS Identity and Access Management (IAM) is launching a new capability allowing customers to centrally manage their root credentials, simplify auditing of credentials, and perform tightly scoped privileged tasks across their AWS member accounts managed using AWS Organizations.

Now, administrators can remove unnecessary root credentials for member accounts in AWS Organizations and then, if needed, perform tightly scoped privileged actions using temporary credentials. By removing unnecessary credentials, administrators have fewer highly privileged root credentials that they must secure with multi-factor authentication (MFA), making it easier to effectively meet MFA compliance requirements. This helps administrators control highly privileged access in their accounts, reduces operational effort, and makes it easier for them to secure their AWS environment.

The capability to manage root access in AWS member accounts is available in all AWS Regions, including the AWS GovCloud (US) Regions and China Regions. To get started managing your root access in IAM, visit the list of resources below: