AWS_IAM_21

Do not set up access keys during initial user setup for all IAM users that have a console password

Description

The AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. Besides being unnecessary credentials, these keys also create unnecessary management work in auditing and rotating them.

Remediation

Perform the following to delete access keys that do not pass the audit:
1. Log in to the AWS Management Console.

2. Click Services

3. Click IAM

4. Click on Users

5. Click on Security Credentials

6. As an Administrator

  • Click on Delete for keys that were created at the same time as the user profile but have not been used.


7. As an IAM User

  • Click on Delete for keys that were created at the same time as the user profile but have not been used.
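
One way to find the keys that "do not pass the audit" before deleting them, as an added example that is not part of the original rule text: it reads an IAM credential report CSV and flags never-used keys whose timestamp matches the user's creation time. The 60-second tolerance, the function names and the sample rows are assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample in the IAM credential report CSV layout (columns trimmed
# to the ones this check reads; user names and timestamps are made up).
SAMPLE_REPORT = """\
user,user_creation_time,password_enabled,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,2019-01-02T10:00:00+00:00,not_supported,false,N/A,N/A,false,N/A,N/A
alice,2023-03-01T09:15:02+00:00,true,true,2023-03-01T09:15:03+00:00,N/A,false,N/A,N/A
bob,2023-03-05T11:00:00+00:00,true,true,2023-03-05T11:00:01+00:00,2024-01-10T08:00:00+00:00,false,N/A,N/A
carol,2022-07-01T12:00:00+00:00,true,false,N/A,N/A,true,2023-09-01T12:00:00+00:00,N/A
ci-deploy,2023-04-01T08:00:00+00:00,false,true,2023-04-01T08:00:01+00:00,N/A,false,N/A,N/A
"""

def parse_time(value):
    """Return an aware datetime, or None for placeholders such as N/A."""
    try:
        return datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None

def find_setup_keys(report_csv, tolerance=timedelta(seconds=60)):
    """Flag never-used keys created with the profile of a console user.

    tolerance is an assumed window for "created at the same time".
    """
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["password_enabled"] != "true":
            continue  # rule applies only to users with a console password
        created = parse_time(row["user_creation_time"])
        for slot in ("1", "2"):
            # last_rotated is the time the key was created or last changed
            rotated = parse_time(row[f"access_key_{slot}_last_rotated"])
            used = parse_time(row[f"access_key_{slot}_last_used_date"])
            if created is None or rotated is None or used is not None:
                continue  # no key in this slot, or the key has been used
            if abs(rotated - created) <= tolerance:
                findings.append((row["user"], f"access_key_{slot}",
                                 row[f"access_key_{slot}_active"] == "true"))
    return findings

if __name__ == "__main__":
    for user, key, active in find_setup_keys(SAMPLE_REPORT):
        print(f"{user}: {key} never used, created with profile (active={active})")
```

On a real account the input would be the CSV downloaded from the IAM credential report. A key like carol's, unused but created long after the profile, is outside this rule's wording and is not flagged here.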

Service

IAM

Severity

Medium

Compliance

Mapping
