More Info:

Root account has full permissions across the entire account. Root account should not have access keys. Also, it certainly shouldn”t access any service. Instead, create IAM users with predefined roles.

Risk Level

High

Address

Security

Compliance Standards

PCI, HIPAA, APRA, MAS, NIST

Additional Reading:

http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html