Root Access Keys provide unlimited access to your AWS resources. It's not recommended to use them in normal situations. AWS recommends to delete existing Root Access Keys and create IAM user and Access Keys limited to specific service or resource (see below).
To Delete Root Access Keys
AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. IAM is a feature of your AWS account offered at no additional charge. The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN. For example: Key ID: 1234abcd-12ab-34cd-56ef-ab. Authorizing CreateGrant in a key policy. When you create a key policy to control access to the CreateGrant operation, you can use one or more policy conditions to limit the permission. AWS KMS supports all of the following grant-related condition keys. As a best practice, use temporary security credentials (IAM roles) instead of access keys, and disable any AWS account root user access keys. For more information, see Best Practices for Managing AWS Access Keys in the Amazon Web Services General Reference. For an existing user, click on the user, click on the 'Security credentials' tab, then click the 'Create access key' button. Copy or download the keys. Note: You cannot access previously created access keys. If you have lost the secret access key, then you have to generate new ones. Managing Access Keys for Your AWS Account. Create a key pair for the new user account Create a key pair, or use an existing one, for the new user. If you create your own key pair using the command line, follow the recommendations at create-key-pair or New-EC2KeyPair Cmdlet for key type and bit length.
1. Type https://aws.amazon.com/ in your web browser
2. Click My Account, AWS Management Console
3. Enter your account email address and password:
4. Type the IAM in the search box and choose the IAM service from the drop-down list.
You will be redirected to IAM Dashboard
5. Navigate to Security Status and expand the Delete your root access keys section.
6. Click Manage Security Credentials
7. Click Continue to Security Credentials
Your Security Credentials page will open
8. Expand the Access Keys (access key id and secret acces key) section
9. Click the Delete link next to your access keys row.
Aws Grants Program
10. Confirm Access Keys deletion.
Get Aws Access Key
11. Your Root Access Keys are deleted. Now you can create IAM user and Access Keys limited to specific service or resource (see below).
Aws Access Key Find
Be sure to replace your root access keys with your IAM access keys in any programs/scripts you are currently using.