AWS_IAM_35

Ensure Root Account has no Active Signing Certificates

Description

To secure your Amazon Web Services account and adhere to security best practices, ensure that your AWS root user is not using X.509 certificates to perform SOAP-protocol requests to AWS services. Disabling the X.509 signing certificates created for your AWS root account eliminates the risk of unauthorized access to certain AWS services and resources if the private certificate keys are stolen or shared accidentally.

Remediation

1. Sign in to the AWS Management Console using the root account credentials.

2. Click on the AWS account name or number available in the upper-right corner of the management console and select My Security Credentials from the dropdown menu.

3. On Your Security Credentials page, click on the X.509 certificate tab to expand the panel with the X.509 certificates deployed for your root account.

4. Choose the X.509 certificate that you want to disable, then click on the Inactive button, available within the Actions column, to disable the selected signing certificate. Once the certificate becomes disabled, its status should change to Inactive.
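As an added example (not part of this rule page), the same condition can be verified programmatically from the IAM credential report, whose <root_account> row carries the cert_1_active and cert_2_active columns. The report text below is constructed sample data, and fetch_credential_report assumes boto3 with credentials permitting iam:GenerateCredentialReport and iam:GetCredentialReport.

```python
import csv
import io
import time

# Constructed sample of an IAM credential report (only the columns this check
# needs are filled in; the real report carries many more columns).
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,mfa_active,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,2019-01-10T08:00:00+00:00,not_supported,true,true,2021-05-02T12:00:00+00:00,false,N/A
alice,arn:aws:iam::123456789012:user/alice,2020-03-04T09:30:00+00:00,true,true,false,N/A,false,N/A
"""

ROOT_USER = "<root_account>"
CERT_COLUMNS = ("cert_1_active", "cert_2_active")

def parse_report(report_text):
    """Parse the credential report CSV into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(report_text)))

def root_active_certificates(rows):
    """Return the root user's signing-certificate slots that are active.
    An empty list means the control passes."""
    for row in rows:
        if row["user"] == ROOT_USER:
            return [col for col in CERT_COLUMNS if row.get(col, "").lower() == "true"]
    # A report with no root row is malformed; fail loudly rather than
    # silently reporting a pass.
    raise ValueError("credential report has no <root_account> row")

def evaluate(report_text):
    """Map the finding to the rule's PASS/FAIL outcome with a short message."""
    active = root_active_certificates(parse_report(report_text))
    if active:
        return "FAIL", "root account has active signing certificate(s): " + ", ".join(active)
    return "PASS", "root account has no active signing certificates"

def fetch_credential_report():
    """Fetch the live report with boto3 (assumed to be installed and configured)."""
    import boto3  # imported lazily so the sample-data path runs offline
    iam = boto3.client("iam")
    # Report generation is asynchronous: poll until COMPLETE, with a bound.
    for _ in range(10):
        if iam.generate_credential_report()["State"] == "COMPLETE":
            return iam.get_credential_report()["Content"].decode("utf-8")
        time.sleep(2)
    raise RuntimeError("credential report was not ready in time")

if __name__ == "__main__":
    print(*evaluate(SAMPLE_REPORT))
```

Replace SAMPLE_REPORT with fetch_credential_report() to run the check against a live account.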

Service

IAM

Severity

High

Compliance

Mapping
