AWS.IAM.RootUser
For IAM root users, the resource ID is the ARN.
arn:aws:iam::123456789012:root
This resource represents a snapshot for an AWS root user account. This is largely similar to the AWS.IAM.User
resource, but with a few added fields. Being a separate resource type also simplifies and optimizes writing policies which apply only to the root account, a common pattern.
Field | Type | Description |
|
| An AWS account credential report for this user. Implemented as a mapping of string keys to values. |
|
| Contains the |
{"AccountId": "123456789012","Arn": "arn:aws:iam::123456789012:root","CredentialReport": {"ARN": "arn:aws:iam::123456789012:root","AccessKey1Active": false,"AccessKey1LastRotated": "0001-01-01T00:00:00Z","AccessKey1LastUsedDate": "0001-01-01T00:00:00Z","AccessKey1LastUsedRegion": "N/A","AccessKey1LastUsedService": "N/A","AccessKey2Active": false,"AccessKey2LastRotated": "0001-01-01T00:00:00Z","AccessKey2LastUsedDate": "0001-01-01T00:00:00Z","AccessKey2LastUsedRegion": "N/A","AccessKey2LastUsedService": "N/A","Cert1Active": false,"Cert1LastRotated": "0001-01-01T00:00:00Z","Cert2Active": false,"Cert2LastRotated": "0001-01-01T00:00:00Z","MfaActive": true,"PasswordEnabled": false,"PasswordLastChanged": "0001-01-01T00:00:00Z","PasswordLastUsed": "2019-01-01T00:00:00Z","PasswordNextRotation": "0001-01-01T00:00:00Z","UserCreationTime": "2019-01-01T00:00:00Z","UserName": "<root_account>"},"Id": "123456789012","Name": "<root_account>","Region": "global","ResourceId": "arn:aws:iam::123456789012:root","ResourceType": "AWS.IAM.RootUser","Tags": null,"TimeCreated": "2019-01-01T00:00:00.000Z","VirtualMFA": {"EnableDate": "2019-01-01T00:00:00Z","SerialNumber": "arn:aws:iam::123456789012:mfa/root-virtual-mfa-device"}}