Ensure first access key is rotated every 30 days or less

Access keys consist of an access key ID and secret access key, which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI), Tools for Windows PowerShell, the AWS SDKs, or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated. Rotating access keys will reduce the window of opportunity for an access key that is associated with a compromised or terminated account to be used. Access keys should be rotated to ensure that data cannot be accessed with an old key which might have been lost, cracked, or stolen.

Risk Level: Low
Cloud Entity: IAM User
CloudGuard Rule ID: D9.AWS.IAM.76
Category: Security, Identity, & Compliance

GSL LOGIC

IamUser where firstAccessKey.isActive='true' should not have firstAccessKey.lastRotated before(-30, 'days')

REMEDIATION

From Portal

  1. Login to the AWS Management Console: https://console.aws.amazon.com/
  2. Click Services
  3. Click IAM
  4. Click on Users
  5. Select on the relevant user
  6. Click on Security Credentials
  7. Click 'Make inactive'
  8. Click 'Create access key' and save the new credentials.
  9. Make sure the Accesskey updated by trying to access your applications with the new accesskey.
  10. After you verified the new Accesskey is updated, go to the inactive Accesskey and click on Delete.

From Command Line

  1. To create new access key, run:
aws iam create-access-key --user-name USER_NAME
  1. To inactive the old access key, run:
aws iam update-access-key --access-key-id ACCESS_KEY_ID --status Inactive --user-name USER_NAME
  1. To delete the old access key, run:
aws iam delete-access-key	--access-key ACCESS_KEY_ID --user-name USER_NAME

References

  1. https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf
  2. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#Using_CreateAccessKey_CLIAPI';
  3. http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

IAM User

An IAM user is an entity that you create in AWS to represent the person or service that uses it to interact with AWS. A user in AWS consists of a name and credentials.

Compliance Frameworks

  • AWS CIS Foundations v. 1.1.0
  • AWS CIS Foundations v. 1.2.0
  • AWS CIS Foundations v. 1.3.0
  • AWS CIS Foundations v. 1.4.0
  • AWS CIS Foundations v. 1.5.0
  • AWS CSA CCM v.3.0.1
  • AWS CloudGuard Best Practices
  • AWS CloudGuard SOC2 based on AICPA TSC 2017
  • AWS CloudGuard Well Architected Framework
  • AWS GDPR Readiness
  • AWS HIPAA
  • AWS HITRUST
  • AWS HITRUST v11.0.0
  • AWS ISO 27001:2013
  • AWS ITSG-33
  • AWS LGPD regulation
  • AWS MAS TRM Framework
  • AWS MITRE ATT&CK Framework v10
  • AWS MITRE ATT&CK Framework v11.3
  • AWS NIST 800-171
  • AWS NIST 800-53 Rev 4
  • AWS NIST 800-53 Rev 5
  • AWS NIST CSF v1.1
  • AWS PCI-DSS 3.2
  • AWS PCI-DSS 4.0