Root Account with Active Signing Certificate

Risk Level

Informational (4)

Compliance Frameworks


Ensure that your root user is not using X.509 certificates to perform requests to AWS services. An X.509 certificate is a signing certificate utilized for API request validation purposes. Some AWS services use X.509 certificates to approve requests that are signed with a corresponding private key.
  • Recommended Mitigation

    Disable any certificate on your root account