Amazon GuardDuty
Amazon GuardDuty User Guide

GuardDuty Policy Finding Types

This section covers the active Policy threat purpose finding types. For information about important changes to the GuardDuty finding types, including newly added or retired finding types, see Document History for Amazon GuardDuty.


The default severity value of a finding type is subject to change based on various criteria when the finding is generated.


Default severity: Low

Finding description

An API was invoked using root credentials.

This finding informs you that the root credentials of your AWS account are being used to make requests to AWS services. It is recommended that you do NOT use your account's root credentials to access AWS services. Instead, access AWS services using least-privilege temporary credentials from AWS Security Token Service (STS). For situations where STS is not supported, use IAM user credentials. For more information, see IAM Best Practices and Remediating Compromised AWS Credentials.
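To triage this finding, it helps to see which calls were made as root, from where, and with what kind of credential. The following is an added example, not part of the AWS documentation or GuardDuty's own logic: it filters CloudTrail records on `userIdentity.type`, and the exclusion of service-invoked events and the `AKIA`/`ASIA` key-prefix classification are assumptions of this example. All records are constructed.

```python
import json
from collections import Counter

# Constructed CloudTrail records for illustration (not real account data).
SAMPLE_EVENTS = json.loads("""[
 {"eventName": "ListBuckets", "eventType": "AwsApiCall", "sourceIPAddress": "198.51.100.7",
  "userIdentity": {"type": "Root", "accessKeyId": "AKIAIOSFODNN7EXAMPLE"}},
 {"eventName": "ListBuckets", "eventType": "AwsApiCall", "sourceIPAddress": "198.51.100.7",
  "userIdentity": {"type": "Root", "accessKeyId": "AKIAIOSFODNN7EXAMPLE"}},
 {"eventName": "GetAccountSummary", "eventType": "AwsApiCall", "sourceIPAddress": "203.0.113.9",
  "userIdentity": {"type": "Root", "accessKeyId": "ASIAEXAMPLEEXAMPLE00"}},
 {"eventName": "DescribeInstances", "eventType": "AwsApiCall", "sourceIPAddress": "192.0.2.44",
  "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAI44QH8DHBEXAMPLE"}},
 {"eventName": "Decrypt", "eventType": "AwsApiCall", "sourceIPAddress": "service.example",
  "userIdentity": {"type": "Root", "invokedBy": "service.example"}},
 {"eventName": "RotateKey", "eventType": "AwsServiceEvent", "sourceIPAddress": "service.example",
  "userIdentity": {"type": "Root"}}
]""")

def is_root_api_call(record):
    """True when the call was made directly with root credentials.

    Assumption of this example: events carrying userIdentity.invokedBy or
    eventType AwsServiceEvent were made by an AWS service, not a person.
    """
    ident = record.get("userIdentity", {})
    return (ident.get("type") == "Root"
            and "invokedBy" not in ident
            and record.get("eventType") != "AwsServiceEvent")

def credential_kind(record):
    """Classify the credential by access key ID prefix."""
    key = record.get("userIdentity", {}).get("accessKeyId", "")
    if key.startswith("AKIA"):
        return "long-term access key"   # root access key: candidate for deletion
    if key.startswith("ASIA"):
        return "temporary session"      # e.g. a signed-in console session
    return "none recorded"

def summarize_root_usage(records):
    """Count direct root calls per (eventName, source IP, credential kind)."""
    return Counter(
        (r["eventName"], r.get("sourceIPAddress"), credential_kind(r))
        for r in records if is_root_api_call(r)
    )

if __name__ == "__main__":
    for (name, ip, kind), n in summarize_root_usage(SAMPLE_EVENTS).items():
        print(f"{n}x {name} from {ip} using {kind}")
```

Root calls made with a long-term access key are the ones to prioritize, since that key stays valid until it is deleted or rotated.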