How should the Administrator ensure that this is done?
Change the root user password by using the AWS CLI routinely.
Periodically use the AWS CLI to rotate access keys and secret keys for the root user.
Use AWS Trusted Advisor security checks to review the configuration of the root user.
Periodically distribute the AWS compliance document from AWS Artifact that governs the root user configuration.
Explanations:
Changing the root user password routinely using the AWS CLI does not ensure that security best practices are being followed. While it is important to have a strong password, a password change alone does not address other critical security measures, such as enabling multi-factor authentication (MFA) or monitoring account activity.
The root user in AWS should not use access keys at all, because doing so is a security risk. The best practice is to avoid using the root user for day-to-day tasks and instead create IAM users with the necessary permissions. Regularly rotating access keys for the root user is not a recommended practice.
Using AWS Trusted Advisor security checks is a valid method to review the configuration of the root user and other account settings. Trusted Advisor can provide insights on security best practices, including whether MFA is enabled for the root user and other account-related checks.
Distributing the AWS compliance document from AWS Artifact does not directly ensure that security best practices are being followed for the root user. While the document may provide information about compliance standards, it does not actively monitor or enforce security configurations for the root user.