2017-10-27 20:31:36 +00:00
---
title: About the aws_iam_root_user Resource
2018-02-14 01:42:39 +00:00
platform: aws
2017-10-27 20:31:36 +00:00
---
2018-02-15 02:23:29 +00:00
# aws\_iam\_root\_user
2017-10-27 20:31:36 +00:00
Use the `aws_iam_root_user` InSpec audit resource to test properties of the root user (owner of the account).
To test properties of all or multiple users, use the `aws_iam_users` resource.
To test properties of a specific AWS user use the `aws_iam_user` resource.
<br>
## Syntax
An `aws_iam_root_user` resource block requires no parameters but has several matchers
describe aws_iam_root_user do
its { should have_mfa_enabled }
end
<br>
## Examples
The following examples show how to use this InSpec audit resource.
2018-01-23 16:01:51 +00:00
### Test that the AWS root account has at-least one access key
2017-10-27 20:31:36 +00:00
describe aws_iam_root_user do
2018-01-23 16:01:51 +00:00
it { should have_access_key }
2017-10-27 20:31:36 +00:00
end
### Test that the AWS root account has Multi-Factor Authentication enabled
describe aws_iam_root_user do
it { should have_mfa_enabled }
end
<br>
## Matchers
2018-02-14 01:42:39 +00:00
This InSpec audit resource has the following special matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
2017-10-27 20:31:36 +00:00
2018-02-15 02:23:29 +00:00
### have\_mfa\_enabled
2017-10-27 20:31:36 +00:00
The `have_mfa_enabled` matcher tests if the AWS root user has Multi-Factor Authentication enabled, requiring them to enter a secondary code when they login to the web console.
it { should have_mfa_enabled }
2018-01-23 16:01:51 +00:00
2018-02-15 02:23:29 +00:00
### have\_access\_key
2018-01-23 16:01:51 +00:00
The `have_access_key` matcher tests if the AWS root user has at least one access key.
it { should have_access_key }
