Ensure inactive user for 30 days or greater are disabled
It is recommended that all AWS IAM users that have been inactive for 30 days or more be disabled or removed. Disabling or removing unnecessary IAM users reduces the window of opportunity for a malicious actor to gain access to resources.
Risk Level: Low
Cloud Entity: IAM User
CloudGuard Rule ID: D9.AWS.IAM.80
Covered by Spectral: No
Category: Security, Identity, & Compliance
GSL LOGIC
IamUser where firstAccessKey.isActive=true or secondAccessKey.isActive=true or passwordEnabled=true should have firstAccessKey.lastUsedDate after('-30', 'days') or secondAccessKey.lastUsedDate after('-30', 'days') or passwordLastUsed after('-30', 'days')
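The same condition can be checked outside CloudGuard against an IAM credential report. The Python below is an added example, not CloudGuard's or AWS's code; the sample rows, the fixed "now" and the function names are constructed, and a credential that has never been used is assumed to count as not recently used.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_IDLE = timedelta(days=30)

# Constructed sample rows; column names follow the IAM credential report.
SAMPLE_REPORT = """\
user,password_enabled,password_last_used,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
alice,true,2024-05-28T09:00:00+00:00,false,N/A,false,N/A
bob,true,2024-03-01T09:00:00+00:00,true,2024-04-15T10:00:00+00:00,false,N/A
ci-deploy,false,N/A,true,N/A,false,N/A
dave,false,N/A,false,2024-01-01T00:00:00+00:00,false,N/A
erin,true,no_information,true,2024-05-30T00:00:00+00:00,false,N/A
"""

def parse_ts(value):
    """Return an aware datetime, or None for N/A, no_information or blank."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None

def inactive_users(report_csv, now):
    """Users with an enabled credential and no credential use in the last 30 days."""
    cutoff = now - MAX_IDLE
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        # Scope: same as the rule's "where" clause (any key active or password enabled).
        in_scope = "true" in (row["password_enabled"],
                              row["access_key_1_active"],
                              row["access_key_2_active"])
        if not in_scope:
            continue  # nothing left to disable for this user
        last_used = [parse_ts(row[col]) for col in ("password_last_used",
                                                    "access_key_1_last_used_date",
                                                    "access_key_2_last_used_date")]
        # Compliant if any of the three timestamps falls inside the window.
        # Never-used credentials parse to None (assumption: treated as stale).
        if not any(ts is not None and ts > cutoff for ts in last_used):
            findings.append(row["user"])
    return findings

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed "now" for the sample
    print(inactive_users(SAMPLE_REPORT, now))
```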
REMEDIATION
From Portal
Perform the following to deactivate Access Keys:
- Log in to the AWS Management Console.
- Click Services.
- Click IAM.
- Click on Users.
- Click on Security Credentials.
- Select any access keys that are over 30 days old and that have been used and click on Make Inactive.
- Select any access keys that are over 30 days old and that have not been used and click the X to Delete.
Perform the following to manage unused passwords (IAM user console access):
- Log in to the AWS Management Console.
- Click Services.
- Click IAM.
- Click on Users.
- Click on Security Credentials.
- In the Sign-in credentials section, next to Console password, click Manage.
- Under Console Access select Disable.
- Click Apply.
IAM User
An IAM user is an entity that you create in AWS to represent the person or service that uses it to interact with AWS. A user in AWS consists of a name and credentials.
Compliance Frameworks
- AWS CIS Controls V 8
- AWS CSA CCM v.4.0.1
- AWS CloudGuard Best Practices
- AWS CloudGuard SOC2 based on AICPA TSC 2017
- AWS HITRUST v11.0.0
- AWS ISO27001:2022
- AWS MITRE ATT&CK Framework v11.3
- AWS NIST 800-53 Rev 5
- AWS PCI-DSS 4.0
- CloudGuard AWS All Rules Ruleset