turbot/aws_compliance

Trigger: Detect & correct IAM users with unused access key from 45 days or more

Detects IAM user access keys that have not been used for 45 days or more and deactivates them.

Query

select
  concat(u.name, ' [', u.account_id, ']') as title,
  k.access_key_id,
  u.name as user_name,
  k.access_key_last_used_date,
  -- Extracts only the days part of the interval since the key was last used
  (extract(day from now() - k.access_key_last_used_date))::text as access_key_last_used_day,
  u.account_id,
  u.sp_connection_name as conn
from
  aws_iam_user as u
  join aws_iam_access_key as k
    on u.name = k.user_name
    and u.account_id = k.account_id
where
  k.access_key_last_used_date < (current_date - interval '45' day);

Two things to keep in mind about this query. It compares only the last-used date, so a key that has never been used has a NULL access_key_last_used_date, the comparison is not true, and the key is never returned no matter how old it is. It also does not filter on key status, so keys that are already Inactive are reported (and passed to the correction step) on every run.
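The following is an added example, not the aws_compliance mod's own trigger query. It extends the detection above to two cases the plain last-used comparison does not cover: keys that have never been used (by falling back to the key's creation date) and keys that are already Inactive (which are excluded, since deactivating them again is pointless). It assumes the Steampipe AWS plugin tables aws_iam_user and aws_iam_access_key with the status, create_date and access_key_last_used_date columns, and keeps the page's 45-day threshold.

```sql
-- Added example (not the aws_compliance mod's own query). Assumes the
-- Steampipe AWS plugin tables aws_iam_user and aws_iam_access_key with the
-- columns status, create_date and access_key_last_used_date.
with key_age as (
  select
    u.name as user_name,
    u.account_id,
    u.sp_connection_name as conn,
    k.access_key_id,
    k.status,
    k.create_date,
    k.access_key_last_used_date,
    -- A key that has never been used has a NULL last-used date; fall back to
    -- its creation date so "unused since creation" is measured the same way
    -- as "idle since last use".
    coalesce(k.access_key_last_used_date, k.create_date) as unused_since
  from
    aws_iam_user as u
    join aws_iam_access_key as k
      on u.name = k.user_name
      and u.account_id = k.account_id
)
select
  concat(user_name, ' [', account_id, ']') as title,
  access_key_id,
  user_name,
  status,
  access_key_last_used_date,
  -- Distinguish "never used" from "used, then idle" so the correction
  -- pipeline can report the right reason for deactivating the key.
  case
    when access_key_last_used_date is null then 'never used'
    else 'idle'
  end as reason,
  -- now() - timestamptz yields an interval in days and time (no months),
  -- so the day field is the whole number of days since unused_since.
  extract(day from now() - unused_since)::text as unused_days,
  account_id,
  conn
from
  key_age
where
  -- Only Active keys can still be deactivated; Inactive ones are already corrected.
  status = 'Active'
  and unused_since < (current_date - interval '45' day)
order by
  unused_since;
```

Because freshly created keys fall back to create_date, a key issued yesterday and not yet used is not flagged; only keys that have gone 45 days or more without either creation or use in that window are returned.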

Schedule

15m

Tags

category = Compliance
mod = aws
service = AWS/IAM