By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS Account management

0

Hello, I just want to know, If I disabled/remove all AWS root account, will it affect logging in AWS instance using SSH? or is there any impact if I disabled all of it?

Topics
Management & Governance
Tags
AWS Account Management
Language
English
Rraii
asked 9 months ago200 views
3 Answers
1

Hi,

AWS account admin (=root in your message) is a different object than EC2 root user that you use when connecting via ssh to your instance

Look at https://docs.aws.amazon.com/IAM/latest/UserGuide/getting-set-up.html#sign-up-for-aws : it is recommend to "forget" about your account full admin username.

Here is a list of the things that you must with full admin access: https://docs.aws.amazon.com/IAM/latest/UserGuide/root-user-tasks.html. All the rest should be done with different usernames.

So, you don't need to be account admin to become root on EC2: you just need to be authorized to download the private key of corresponding instance to become root.

This guide is very detailled regarding root usage: https://saturncloud.io/blog/understanding-amazon-ec2-root-login-a-guide/

Best,

Didier

profile pictureAWS
EXPERT
Didier_Durand
answered 9 months ago
profile picture
EXPERT
Antonio_Lagrotteria
reviewed 9 months ago
profile picture
EXPERT
Riku_Kobayashi
reviewed 9 months ago
0

I believe that you can still use your account, so your access, if root account is deleted, will not be compromised.

profile picture
EXPERT
Antonio_Lagrotteria
answered 9 months ago
0

@Didier, we're using SSO login, is it okay to remove all root account? is there no any issues, if I don't retain any root account?

Rraii
answered 9 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content