Knowledge BasePanther.comRelease NotesDemo Request
Search…
Overview
Quick Start
Data Sources & Transports
Writing Detections
Cloud Security Scanning
Cloud Resource Attributes
AWS
ACM Certificate
CloudFormation Stack
CloudWatch Log Group
CloudTrail
CloudTrail Meta
Config Recorder
Config Recorder Meta
DynamoDB Table
EC2 AMI
EC2 Instance
EC2 Network ACL
EC2 SecurityGroup
EC2 Volume
EC2 VPC
ECS Cluster
EKS Cluster
ELBV2 Application Load Balancer
GuardDuty Detector
GuardDuty Detector Meta
IAM Group
IAM Policy
IAM Role
IAM Root User
IAM User
KMS Key
Lambda Function
Password Policy
RDS Instance
Redshift Cluster
S3 Bucket
WAF Web ACL
Alert Destinations
Data Analytics
Enrichment
System Configuration
Guides
Help
Panther Developer Workflows
Panther API
Panther Analysis Tool
Managing Detections via CI/CD
GitHub Actions Onboarding Guide
Panther Config SDK (Beta)
Powered By GitBook
IAM Root User
Identity and Access Management (IAM) root User

Resource Type

AWS.IAM.RootUser

Resource ID Format

For IAM root users, the resource ID is the ARN.
arn:aws:iam::123456789012:root

Background

This resource represents a snapshot for an AWS root user account. This is largely similar to the AWS.IAM.User resource, but with a few added fields. Being a separate resource type also simplifies and optimizes writing policies which apply only to the root account, a common pattern.

Fields

Field
Type
Description
CredentialReport
Map
An AWS account credential report for this user. Implemented as a mapping of string keys to values.
VirtualMFADevice
Map
Contains the EnableDate and SerialNumber of the configured virtual MFA device, if one exists.

Example

{
"AccountId": "123456789012",
"Arn": "arn:aws:iam::123456789012:root",
"CredentialReport": {
"ARN": "arn:aws:iam::123456789012:root",
"AccessKey1Active": false,
"AccessKey1LastRotated": "0001-01-01T00:00:00Z",
"AccessKey1LastUsedDate": "0001-01-01T00:00:00Z",
"AccessKey1LastUsedRegion": "N/A",
"AccessKey1LastUsedService": "N/A",
"AccessKey2Active": false,
"AccessKey2LastRotated": "0001-01-01T00:00:00Z",
"AccessKey2LastUsedDate": "0001-01-01T00:00:00Z",
"AccessKey2LastUsedRegion": "N/A",
"AccessKey2LastUsedService": "N/A",
"Cert1Active": false,
"Cert1LastRotated": "0001-01-01T00:00:00Z",
"Cert2Active": false,
"Cert2LastRotated": "0001-01-01T00:00:00Z",
"MfaActive": true,
"PasswordEnabled": false,
"PasswordLastChanged": "0001-01-01T00:00:00Z",
"PasswordLastUsed": "2019-01-01T00:00:00Z",
"PasswordNextRotation": "0001-01-01T00:00:00Z",
"UserCreationTime": "2019-01-01T00:00:00Z",
"UserName": "<root_account>"
},
"Id": "123456789012",
"Name": "<root_account>",
"Region": "global",
"ResourceId": "arn:aws:iam::123456789012:root",
"ResourceType": "AWS.IAM.RootUser",
"Tags": null,
"TimeCreated": "2019-01-01T00:00:00.000Z",
"VirtualMFA": {
"EnableDate": "2019-01-01T00:00:00Z",
"SerialNumber": "arn:aws:iam::123456789012:mfa/root-virtual-mfa-device"
}
}
Previous
IAM Role
Next
IAM User
Last modified 1yr ago
Copy link
On this page
Resource Type
Resource ID Format
Background
Fields
Example