Require root password when executing "sudo -s"

I have a CentOS 7 server on AWS.

When logged in with the centos user, how can I prevent sudo -s logging in to root without requiring root's password?

[root@server ~]# cat /etc/sudoers | grep rootpw
Defaults rootpw
[root@server ~]# getent group wheel
wheel:x:10:centos
[root@server ~]# gpasswd -d centos wheel
Removing user centos from group wheel
[root@server ~]# getent group wheel
wheel:x:10:
[root@server ~]# su centos
[centos@server root]$ sudo -s
[root@server ~]# !!!!!!!!!!!!!!!!

sudo always uses the user account's password. If user has sudo privileges, then the user can execute commands as root, after entering his own password in the sudo prompt.

In your example, you are seeing the effects of sudo ticket validity period. Once sudo is run for the first time, it asks for a password. After that, it creates a ticket that is valid for a certain time. During this time, sudo does not ask for password.

If you want to change this behavior, you can disable the ticket by adding

Defaults     timestamp_timeout=0

to /etc/sudoers configuration file.