Project Description
Determine if MFA is enabled, access keys are disabled, and other recommended settings are in place.
Summary:
Securing the AWS root account(s) is the single most important baseline security control. Anyone logging into the root account has complete control over the cloud deployment and it can be difficult, if not impossible, to regain control. This Op analyzes root account security. It determines if MFA is enabled, access keys are disabled, and other recommended settings are in place. It will recommend hardware MFA if virtual is detected.
Supported Issue Types:
- Root account without MFA detected
- Root account with virtual MFA detected
- Root account with access keys detected
Supported Actions:
- Notify only. AWS does not allow API management of the root account.
Platform:

Related Articles
Fashion App’s Faux Pas: Open Buckets of (21) Buttons
Fashion App’s Faux Pas: Open Buckets of (21) Buttons TL; DR: Leaving their S3 buckets exposed, fashion-focused social app, 21 Buttons, is caught with their pants down. Because it had nothing to do with
Supercharging Security Hub: Part 4, Taking Action
In our last post, we walked through the console and highlighted making the most of the Security Hub console and some tips and tricks to make it more useful. Today I want to dive into one of the best parts of Security Hub — taking actions on events and findings.