AWS_IAM_21

Do not setup access keys during initial user setup for all IAM users that have a console password

Description

AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials, it also generates unnecessary management work in auditing and rotating these keys.

Remediation

Perform the following to delete access keys that do not pass the audit:
1. Login to the AWS Management Console:

2. Click Services

3. Click IAM

4. Click on Users

5. Click on Security Credentials

6. As an Administrator

Click on Delete for keys that were created at the same time as the user profile but have not been used.

7. As an IAM User

Click on Delete for keys that were created at the same time as the user profile but have not been used.

Do not setup access keys during initial user setup for all IAM users that have a console password

Description

Remediation

Service

Severity

Compliance

Mapping

Cloudlytics

CLOSE

We are now live on AWS Marketplace.
The integrated view of your cloud infrastructure is now easier than ever!

Do not setup access keys during initial user setup for all IAM users that have a console password

Description

Remediation

Service

Severity

Compliance

Mapping

CLOSE

We are now live on AWS Marketplace. The integrated view of your cloud infrastructure is now easier than ever!

We are now live on AWS Marketplace.
The integrated view of your cloud infrastructure is now easier than ever!