
Centrally managing root access for customers using AWS Organizations

AWS News Blog



This article discusses a new AWS capability that allows centralized management of root access for accounts in AWS Organizations, addressing longstanding challenges in managing highly privileged root credentials across multiple accounts.

Specifically, the article covers:

  • The challenges of manually managing root credentials at scale, including security risks, operational overhead, and compliance issues.
  • The new ability to centrally manage root credentials, including removing long-term root credentials, preventing credential recovery, and provisioning secure-by-default accounts.
  • Root sessions, which provide short-term, task-scoped root access for specific actions like unlocking S3 bucket policies or SQS queue policies, without needing long-term root credentials.
  • A demo showing how to enable and use the new capabilities, including creating a member account without root credentials, obtaining temporary root credentials, and performing a restricted API call as root.
  • The availability and documentation of the new features.



Related articles

  • Nov 15, 2024: Centrally manage root access in AWS Identity and Access Management (IAM)
  • Nov 22, 2024: Secure root user access for member accounts in AWS Organizations
  • Jun 7, 2024: Centrally manage member account root email addresses across your AWS Organization
  • Dec 24, 2024: Delegated Administrators Guide to Effective Controls in AWS Organizations
