Ensure That Access Key Rotation Is Less Than 90 Days

Access keys consist of an access key ID and a secret access key used to sign programmatic requests that you make to AWS. AWS users need their access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI), Tools for Windows PowerShell, the AWS SDKs, or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated. Rotating access keys will reduce the window of opportunity for an access key associated with a compromised or terminated account to be used. Access keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.

Risk Level: medium
Cloud Entity: CFT
Spectral Rule ID: CLDFRM003

REMEDIATION

Set configRule.Properties.InputParameters.maxAccessKeyAge to be less than 90 days.
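
A pre-deployment check for this rule, added here as an example (not Spectral's own implementation): it parses a JSON CloudFormation template and reports access-keys-rotated rules whose maxAccessKeyAge exceeds 90, the boundary used by the 91-to-90 fix on this page. The sample template, its logical IDs and the audit_template function are constructed for illustration; also matching on the ACCESS_KEYS_ROTATED source identifier is an assumption beyond the page's snippet.

```python
import json

MAX_AGE_DAYS = 90  # boundary taken from the page's fix: 91 is rejected, 90 accepted

# Constructed sample template (not from the page).
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "TooOld": {"Type": "AWS::Config::ConfigRule", "Properties": {
        "ConfigRuleName": "access-keys-rotated",
        "InputParameters": {"maxAccessKeyAge": 91}}},
    # InputParameters written as an embedded JSON string with a string value.
    "AtLimit": {"Type": "AWS::Config::ConfigRule", "Properties": {
        "Source": {"Owner": "AWS", "SourceIdentifier": "ACCESS_KEYS_ROTATED"},
        "InputParameters": "{\"maxAccessKeyAge\": \"90\"}"}},
    # Value supplied through an intrinsic function: cannot be verified statically.
    "FromParameter": {"Type": "AWS::Config::ConfigRule", "Properties": {
        "ConfigRuleName": "access-keys-rotated",
        "InputParameters": {"maxAccessKeyAge": {"Ref": "MaxAge"}}}},
    "OtherRule": {"Type": "AWS::Config::ConfigRule", "Properties": {
        "ConfigRuleName": "some-other-rule", "InputParameters": {}}},
}})


def audit_template(template_text, max_age=MAX_AGE_DAYS):
    """Return {logical_id: finding} for access-keys-rotated rules over the limit."""
    findings = {}
    resources = json.loads(template_text).get("Resources", {})
    for logical_id, res in resources.items():
        if res.get("Type") != "AWS::Config::ConfigRule":
            continue
        props = res.get("Properties", {})
        source_id = props.get("Source", {}).get("SourceIdentifier")
        if (props.get("ConfigRuleName") != "access-keys-rotated"
                and source_id != "ACCESS_KEYS_ROTATED"):
            continue
        params = props.get("InputParameters", {})
        if isinstance(params, str):  # parameters may be an embedded JSON string
            params = json.loads(params)
        raw = params.get("maxAccessKeyAge")
        try:
            age = int(raw)
        except (TypeError, ValueError):
            findings[logical_id] = f"maxAccessKeyAge missing or not a number: {raw!r}"
            continue
        if age > max_age:
            findings[logical_id] = f"maxAccessKeyAge is {age}, limit is {max_age}"
    return findings


if __name__ == "__main__":
    for name, problem in audit_template(SAMPLE_TEMPLATE).items():
        print(f"{name}: {problem}")
```

Passing max_age=89 applies the stricter "less than 90 days" reading of the rule title, under which the AtLimit resource is reported as well.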

YAML file

  configRule:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: access-keys-rotated
      InputParameters:
-       maxAccessKeyAge: 91
+       maxAccessKeyAge: 90
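
Review bot: the added line maxAccessKeyAge: 90 does not meet the requirement as worded in the remediation text, which asks for a value less than 90 days. Either set the value to 89 or lower, or reword the requirement and title as "90 days or less" so the rule text and the fix agree.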

JSON file

  "ConfigRule": {
    "Type": "AWS::Config::ConfigRule",
    "Properties": {
      "ConfigRuleName": "access-keys-rotated",
      "InputParameters": {
-     "maxAccessKeyAge": 91
+     "maxAccessKeyAge": 90
    }
  }
}
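
Review bot: the changed "maxAccessKeyAge" lines sit at the same indentation as "InputParameters" rather than nested under it, and each of the three closing braces is indented shallower than the object it closes (the final one at column 0 closes "ConfigRule", which opens at two spaces). Re-indent the key and the closing braces so the nesting is readable, and note that the new value of 90 is not "less than 90 days" as the remediation text requires.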
