How to remove AWS Root user access keys

Pragti Chauhan

~ 2 min read

Having an access key for the Root user poses the risk of being misused or stolen, since this user has unrestricted access in the account. If your Root user also has access keys that you would like to remove, here is a step-by-step guide to do so.


AWS Root user has unrestricted access in the account. This user should only be used for those activities that require Root level access, like Billing or adding other AWS accounts to Organisations. For day-to-day activities in the account, users with required permissions must be created.

Having an access key for the Root user becomes a liability and poses the additional risk of being misused or stolen. If an attacker gains access to the root user access keys, they could take over the entire AWS account compromising every single piece of data, access to virtual machines or even the entire operations of the Organisation.

Removing access keys for Root User

Following is the step-by-step guide to remove access keys for a Root User on AWS:

  1. Sign in to the AWS management console using the account root user credentials

  2. Click on the account name or number in the upper right corner and select Security Credentials from the drop down

    AWS security credentials console

  3. Select the Access Keys section

    AWS access keys

  4. To delete the access key, select the radio button

    AWS access keys list

  5. From the Actions dropdown, select Delete

    Delete AWS access keys

  6. This will display a pop up. Click on Deactivate

    Deactivate AWS access keys

  7. Provide the Access Key ID

    access keys deletion confirmation

  8. Click on Delete to remove the access key

    Delete access keys