standard
turbot/aws_compliance

Trigger: Detect & correct IAM users with access key created during initial user setup

Detects IAM users whose access key was created during initial user setup.

Query

select
  concat(k.access_key_id, ' [', k.account_id, ']') as title,
  k.access_key_id,
  k.user_name,
  k.create_date as key_creation_date,
  u.create_date as user_creation_date,
  k.access_key_last_used_date,
  k.sp_connection_name as conn
from
  aws_iam_access_key as k
  join aws_iam_user as u
    on u.name = k.user_name
    and extract(day from now() - k.create_date)
      = extract(day from now() - u.create_date)
  join aws_iam_credential_report as r
    on r.user_name = u.name
where
  k.access_key_last_used_date is null
  and r.password_enabled;
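The query above applies three conditions: the access key is as old as its user (day granularity, via extract(day from now() - create_date)), the key has never been used, and the user has a console password enabled. The Python below is an added example, not part of the aws_compliance mod, that evaluates the same conditions over constructed IAM user, access-key and credential-report records so the logic can be checked offline. The record shapes (IamUser, AccessKey), the sample values and the fixed "now" are assumptions for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

UTC = timezone.utc


@dataclass
class IamUser:
    name: str
    create_date: datetime
    password_enabled: bool  # as reported by the IAM credential report


@dataclass
class AccessKey:
    access_key_id: str
    account_id: str
    user_name: str
    create_date: datetime
    last_used_date: Optional[datetime]  # None when the key was never used


def whole_days_since(ts: datetime, now: datetime) -> int:
    # Mirrors extract(day from now() - ts): whole days, time part discarded.
    return (now - ts).days


def find_initial_setup_keys(users, keys, now=None):
    """Return findings for keys created with the user, never used, and whose
    owner has a console password enabled (the trigger's three conditions)."""
    now = now or datetime.now(UTC)
    users_by_name = {u.name: u for u in users}
    findings = []
    for k in keys:
        u = users_by_name.get(k.user_name)
        if u is None:
            continue  # inner join: key without a matching user is skipped
        # Same-day age comparison, as in the join condition of the query.
        if whole_days_since(k.create_date, now) != whole_days_since(u.create_date, now):
            continue
        if k.last_used_date is not None:
            continue  # access_key_last_used_date is null
        if not u.password_enabled:
            continue  # password_enabled
        findings.append({
            "title": f"{k.access_key_id} [{k.account_id}]",
            "access_key_id": k.access_key_id,
            "user_name": k.user_name,
            "key_creation_date": k.create_date,
            "user_creation_date": u.create_date,
        })
    return findings


# Constructed sample data (hypothetical account id and key ids).
SAMPLE_USERS = [
    IamUser("alice", datetime(2024, 1, 10, 9, 0, tzinfo=UTC), True),
    IamUser("bob", datetime(2024, 1, 10, 9, 0, tzinfo=UTC), True),
    IamUser("carol", datetime(2024, 1, 10, 9, 0, tzinfo=UTC), False),
    IamUser("dave", datetime(2024, 1, 1, 9, 0, tzinfo=UTC), True),
]
SAMPLE_KEYS = [
    # alice: key created with the user, never used, console password on -> flagged
    AccessKey("AKIA0000EXAMPLE0001", "123456789012", "alice",
              datetime(2024, 1, 10, 9, 0, 30, tzinfo=UTC), None),
    # bob: same age as the user, but the key has been used -> not flagged
    AccessKey("AKIA0000EXAMPLE0002", "123456789012", "bob",
              datetime(2024, 1, 10, 9, 0, 30, tzinfo=UTC),
              datetime(2024, 1, 20, 8, 0, tzinfo=UTC)),
    # carol: never used, but no console password -> not flagged
    AccessKey("AKIA0000EXAMPLE0003", "123456789012", "carol",
              datetime(2024, 1, 10, 9, 0, 30, tzinfo=UTC), None),
    # dave: key created nine days after the user -> not flagged
    AccessKey("AKIA0000EXAMPLE0004", "123456789012", "dave",
              datetime(2024, 1, 10, 9, 0, tzinfo=UTC), None),
]
FIXED_NOW = datetime(2024, 2, 1, 12, 0, tzinfo=UTC)


def run_demo():
    return find_initial_setup_keys(SAMPLE_USERS, SAMPLE_KEYS, now=FIXED_NOW)


if __name__ == "__main__":
    for f in run_demo():
        print(f["title"], f["user_name"])
```

Because the comparison is on whole days elapsed rather than on timestamps, a key created a few minutes after its user but across a UTC day boundary is not matched by this check; that is a property of the day-granularity comparison the query uses, worth keeping in mind when reviewing results.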

Schedule

15m

Tags

category = Compliance
mod = aws
service = AWS/IAM