Knowledge BaseCommunityRelease NotesRequest Demo

IAM Root User

Identity and Access Management (IAM) root User

Resource Type

AWS.IAM.RootUser

Resource ID Format

For IAM root users, the resource ID is the ARN.

arn:aws:iam::123456789012:root

Background

This resource represents a snapshot for an AWS root user account. This is largely similar to the AWS.IAM.User resource, but with a few added fields. Being a separate resource type also simplifies and optimizes writing policies which apply only to the root account, a common pattern.

Fields

Field

Type

Description

CredentialReport

Map

An AWS account credential report for this user. Implemented as a mapping of string keys to values.

VirtualMFADevice

Map

Contains the EnableDate and SerialNumber of the configured virtual MFA device, if one exists.

Example

{
    "AccountId": "123456789012",
    "Arn": "arn:aws:iam::123456789012:root",
    "CredentialReport": {
        "ARN": "arn:aws:iam::123456789012:root",
        "AccessKey1Active": false,
        "AccessKey1LastRotated": "0001-01-01T00:00:00Z",
        "AccessKey1LastUsedDate": "0001-01-01T00:00:00Z",
        "AccessKey1LastUsedRegion": "N/A",
        "AccessKey1LastUsedService": "N/A",
        "AccessKey2Active": false,
        "AccessKey2LastRotated": "0001-01-01T00:00:00Z",
        "AccessKey2LastUsedDate": "0001-01-01T00:00:00Z",
        "AccessKey2LastUsedRegion": "N/A",
        "AccessKey2LastUsedService": "N/A",
        "Cert1Active": false,
        "Cert1LastRotated": "0001-01-01T00:00:00Z",
        "Cert2Active": false,
        "Cert2LastRotated": "0001-01-01T00:00:00Z",
        "MfaActive": true,
        "PasswordEnabled": false,
        "PasswordLastChanged": "0001-01-01T00:00:00Z",
        "PasswordLastUsed": "2019-01-01T00:00:00Z",
        "PasswordNextRotation": "0001-01-01T00:00:00Z",
        "UserCreationTime": "2019-01-01T00:00:00Z",
        "UserName": "<root_account>"
    },
    "Id": "123456789012",
    "Name": "<root_account>",
    "Region": "global",
    "ResourceId": "arn:aws:iam::123456789012:root",
    "ResourceType": "AWS.IAM.RootUser",
    "Tags": null,
    "TimeCreated": "2019-01-01T00:00:00.000Z",
    "VirtualMFA": {
        "EnableDate": "2019-01-01T00:00:00Z",
        "SerialNumber": "arn:aws:iam::123456789012:mfa/root-virtual-mfa-device"
    }
}
PreviousIAM RoleNextIAM User

Last updated

Was this helpful?