Ensure credentials unused for 45 days or greater are disabled (First access key)

AWS IAM users can access AWS resources using different types of credentials, such as passwords or access keys. It is recommended that all credentials that have been unused in 45 or greater days from their creation time be deactivated or removed. Disabling or removing unnecessary credentials will reduce the window of opportunity for credentials associated with a compromised or abandoned account to be used.

Risk Level: Low
Cloud Entity: IAM User
CloudGuard Rule ID: D9.AWS.IAM.03
Category: Security, Identity, & Compliance

GSL LOGIC

IamUser where firstAccessKey.isActive=true and firstAccessKey.lastRotated before(-45, 'days') should not have firstAccessKey.lastUsedDate before(-45, 'days')

REMEDIATION

From Portal

  1. Login to the AWS Management Console
  2. Click Services
  3. Click IAM
  4. Click on Users
  5. Click on Security Credentials
  6. Select the relevant access key and click on 'Make Inactive'

From Command Line
To inactive an IAM User access key, run:

aws iam update-access-key --access-key-id ACCESS_KEY_ID --status Inactive --user-name USER_NAME

References

  1. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html
  2. https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/update-access-key.html

IAM User

An IAM user is an entity that you create in AWS to represent the person or service that uses it to interact with AWS. A user in AWS consists of a name and credentials.

Compliance Frameworks

  • AWS CIS Foundations v. 1.1.0
  • AWS CIS Foundations v. 1.2.0
  • AWS CIS Foundations v. 1.3.0
  • AWS CIS Foundations v. 1.4.0
  • AWS CIS Foundations v. 1.5.0
  • AWS CSA CCM v.3.0.1
  • AWS CloudGuard Best Practices
  • AWS CloudGuard SOC2 based on AICPA TSC 2017
  • AWS CloudGuard Well Architected Framework
  • AWS GDPR Readiness
  • AWS HIPAA
  • AWS HITRUST
  • AWS HITRUST v11.0.0
  • AWS ISO 27001:2013
  • AWS ITSG-33
  • AWS LGPD regulation
  • AWS MAS TRM Framework
  • AWS MITRE ATT&CK Framework v10
  • AWS MITRE ATT&CK Framework v11.3
  • AWS NIST 800-171
  • AWS NIST 800-53 Rev 4
  • AWS NIST 800-53 Rev 5
  • AWS NIST CSF v1.1
  • AWS PCI-DSS 3.2
  • AWS PCI-DSS 4.0
  • AWS Security Risk Management