Aqua CSPM

Users Password Last Used

Quick Info

Plugin TitleUsers Password Last Used
CloudAWS
CategoryIAM
DescriptionDetects users with password logins that have not been used for a period of time and that should be decommissioned
More InfoHaving numerous, unused user accounts extends the attack surface. If users do not log into their accounts for more than the defined period of time, the account should be deleted.
AWS Linkhttp://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_admin-change-user.html
Recommended ActionDelete old user accounts that allow password-based logins and have not been used recently.

Detailed Remediation Steps

  1. Log into the AWS Management Console.
  2. Select the “Services” option and search for IAM.
  3. Scroll down the left navigation panel and choose “Users”.
  4. Select the “User” that needs to be verified and click on the “User name” to access the selected “IAM User”.
  5. Click on the “Security Credentials” under the configuration page.
  6. Scroll down the “Security Credentials” tab and check the “Console password”.Check the “Console password” section for “last signed in”. If “last signed in” is showing for the period more than 180 days than the password is not been used for a period of time.
  7. Repeat steps number 2 - 6 to verify for other IAM users.
  8. Go to the “Users” page and select the “User” whose password is not been used for a period of time now.
  9. Click on the “Delete user” button at the top to delete the selected user.
  10. On the “Delete user” tab click on the “Yes, delete” button to delete the selected IAM user.
  11. Repeat steps number 8 - 10 to delete the other IAM users whose passwords are not used for a period of time.