Aqua CSPM

Users Password And Keys

Quick Info

Plugin Title: Users Password And Keys
Cloud: AWS
Category: IAM
Description: Detects whether users with a console password are also using access keys
More Info: Access keys should only be assigned to machine users and should not be used for accounts that have console password access.
AWS Link: http://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingCredentials.html
Recommended Action: Remove access keys from all users with console access.

Detailed Remediation Steps

  1. Log in to the AWS Management Console.
  2. Select the “Services” option and search for IAM.
  3. Scroll down the left navigation panel and choose “Users”.
  4. On the “Users” page, click the name of the user in the “User name” column.
  5. On the “Users - Summary” page, click on Security Credentials to check whether the selected user has both console access and access keys.
  6. Repeat steps 2 - 5 to check the other users in the account.
  7. Navigate to the IAM dashboard at https://console.aws.amazon.com/iam/.
  8. In the “IAM dashboard”, click on the “Users” option in the left navigation panel and select a user who has both an access key and console access.
  9. On the “Users - Summary” page, click on Security Credentials to remove the access key from the selected user.
  10. On the “Security Credential” page, scroll down and click on the (x) button under Access Keys to remove the access key.
  11. On the “Delete” tab, first click “Deactivate” to deactivate the key, then provide the Key Attribute and click the “Delete” button.
  12. Repeat steps 7 - 11 to remove access keys from all users with console access.
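
The per-user check in steps 1 - 6 can also be run for the whole account at once from the IAM credential report. The script below is an added example, not Aqua's plugin code: it parses a report in the credential report CSV format and lists every user that has a console password and at least one active access key. The sample rows, account ID and function name are constructed for illustration.

```python
import csv
import io

# Constructed sample in the IAM credential report CSV format, trimmed to the
# columns used here. A real report comes from `aws iam generate-credential-report`
# followed by `aws iam get-credential-report` (base64-decode the Content field).
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,not_supported,true,false,N/A,false,N/A
alice,arn:aws:iam::111122223333:user/alice,true,true,true,2024-01-10T09:15:00+00:00,false,N/A
bob,arn:aws:iam::111122223333:user/bob,true,false,false,N/A,false,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,false,true,2024-02-01T12:00:00+00:00,true,N/A
carol,arn:aws:iam::111122223333:user/carol,true,true,true,N/A,true,2023-11-05T08:30:00+00:00
"""

KEY_SLOTS = ("1", "2")  # IAM allows at most two access keys per user


def users_with_password_and_keys(report_csv):
    """Return one finding per user that has a console password AND an active key."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        # The root row reports "not_supported" here; only the literal "true"
        # means an IAM user can sign in to the console with a password.
        if row.get("password_enabled", "").strip().lower() != "true":
            continue
        # Map each active key slot to its last-used date ("N/A" = never used),
        # which helps judge whether removing the key will break anything.
        active_keys = {
            slot: row.get(f"access_key_{slot}_last_used_date", "N/A")
            for slot in KEY_SLOTS
            if row.get(f"access_key_{slot}_active", "").strip().lower() == "true"
        }
        if active_keys:
            findings.append({"user": row["user"], "arn": row.get("arn", ""),
                             "active_keys": active_keys})
    return findings


if __name__ == "__main__":
    for finding in users_with_password_and_keys(SAMPLE_REPORT):
        for slot, last_used in finding["active_keys"].items():
            print(f"{finding['user']}: access key {slot} active, last used {last_used}")
```

The credential report only shows whether each key slot is active, so keys that have already been deactivated but not deleted still need to be checked on the user's Security Credentials page.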