Risk Level: High
Cloud Entity: IAM User
CloudGuard Rule ID: D9.AWS.IAM.68
Category: Security, Identity, & Compliance
IamUser where name like '%root_account%' should have firstCertificate.isActive=false and secondCertificate.isActive=false
- Sign in to the AWS Management Console as the root user, then click the account name/number in the upper-right corner
- Choose 'Security credentials' from the menu
- Under 'X.509 certificate', set the status of every certificate currently listed as 'Active' to 'Inactive'
From Command Line
To generate a credentials report, run:
aws iam generate-credential-report
Report generation is asynchronous: the command returns a 'State' of 'STARTED' or 'INPROGRESS' until the report is ready, and 'get-credential-report' fails with 'ReportInProgress' if it is called before the state reaches 'COMPLETE'. Re-run 'generate-credential-report' until it reports 'COMPLETE', then fetch the report:
aws iam get-credential-report
Note: The 'Content' field of the JSON response is the report, Base64-encoded; decode it to obtain a CSV file. In that CSV the root user appears in the 'user' column as '<root_account>' (the GSL rule above matches it with name like '%root_account%'). For that row, the 'cert_1_active' and 'cert_2_active' columns must both be 'false' (the report writes the values in lowercase); a 'true' in either column means an active X.509 signing certificate is still attached to the root account and the rule fails.
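The decode-and-check step above, as an added example that is not part of the CloudGuard rule or AWS tooling: it takes the JSON that 'aws iam get-credential-report' prints, Base64-decodes the 'Content' field, parses the CSV and reports whether the '<root_account>' row has any active signing certificate. The embedded report is a constructed sample with only the columns relevant here (a real report has many more, such as the access-key and MFA columns); the account ID and timestamps are placeholders.

```python
import base64
import csv
import io
import json

# Constructed sample of the CSV inside a credential report. Only the columns
# this check needs are included; the root row deliberately has cert_1 active.
SAMPLE_CSV = (
    "user,arn,user_creation_time,password_enabled,"
    "cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated\n"
    "<root_account>,arn:aws:iam::123456789012:root,2020-01-01T00:00:00+00:00,"
    "not_supported,true,2023-05-01T00:00:00+00:00,false,N/A\n"
    "alice,arn:aws:iam::123456789012:user/alice,2021-03-04T00:00:00+00:00,"
    "true,false,N/A,false,N/A\n"
)

ROOT_USER = "<root_account>"
CERT_COLUMNS = ("cert_1_active", "cert_2_active")


def build_response(csv_text: str) -> str:
    """Wrap CSV text the way `aws iam get-credential-report` returns it:
    a JSON object whose 'Content' field is the Base64-encoded report."""
    return json.dumps({
        "Content": base64.b64encode(csv_text.encode("utf-8")).decode("ascii"),
        "ReportFormat": "text/csv",
        "GeneratedTime": "2024-01-01T00:00:00+00:00",  # placeholder
    })


# What `aws iam get-credential-report` would print for the sample above.
SAMPLE_RESPONSE = build_response(SAMPLE_CSV)


def decode_report(response_json: str) -> list[dict]:
    """Parse the CLI JSON, Base64-decode 'Content' and return the CSV rows
    as dictionaries keyed by the header line."""
    content = json.loads(response_json)["Content"]
    csv_text = base64.b64decode(content).decode("utf-8")
    return list(csv.DictReader(io.StringIO(csv_text)))


def root_cert_findings(rows: list[dict]) -> dict:
    """Return {column: is_active} for the root account's two certificate
    slots. Values are compared case-insensitively because the report writes
    'true'/'false' in lowercase while the page quotes them in uppercase."""
    root_rows = [r for r in rows if r.get("user") == ROOT_USER]
    if len(root_rows) != 1:
        raise ValueError(f"expected exactly one {ROOT_USER} row, found {len(root_rows)}")
    root = root_rows[0]
    findings = {}
    for col in CERT_COLUMNS:
        value = root.get(col)
        if value is None:
            raise ValueError(f"report has no {col} column; is this a credential report?")
        findings[col] = value.strip().lower() == "true"
    return findings


def root_is_compliant(rows: list[dict]) -> bool:
    """True when neither certificate slot on the root account is active,
    which is the condition D9.AWS.IAM.68 requires."""
    return not any(root_cert_findings(rows).values())


if __name__ == "__main__":
    report = decode_report(SAMPLE_RESPONSE)
    for col, active in root_cert_findings(report).items():
        print(f"{col}: {'ACTIVE (violation)' if active else 'inactive'}")
    print("compliant" if root_is_compliant(report) else "NOT compliant")
```

To run it against a live account, replace SAMPLE_RESPONSE with the output of 'aws iam get-credential-report' (after 'generate-credential-report' reports COMPLETE); the functions do not care how the JSON was obtained.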
An IAM user is an entity that you create in AWS to represent the person or service that uses it to interact with AWS. A user in AWS consists of a name and credentials. The root user is not an IAM user you create, but it is reported alongside IAM users in the credential report under the name '<root_account>', which is how this rule selects it.
- AWS CloudGuard Best Practices
- AWS CloudGuard SOC2 based on AICPA TSC 2017
- AWS HITRUST v11.0.0
- AWS MITRE ATT&CK Framework v11.3
- AWS NIST 800-53 Rev 5
- AWS Security Risk Management
Updated 6 months ago