MEDIUM
Source: CloudSploit
ID: access-keys-extra

Access Keys Extra

Detects the use of more than one access key by any single user

Having more than one access key for a single user increases the chance of accidental exposure. Each account should only have one key that defines the user's permissions.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log in to the AWS Management Console.

  2. Select the “Services” option and search for IAM.

  3. Scroll down the left navigation panel and choose “Users” under “Access Management”.

  4. Select the “User” that needs to be verified and click on the “User name” to open the configuration page of the selected “IAM User”.

  5. Under the “Security Credentials” tab, check the number of “Access Key ID” entries. If there is more than one “Access Key ID” for the selected user, it increases the chance of accidental exposure.

  6. To remove the extra “Access Key”, click on the cross (×) symbol at the extreme right of the selected key.

  7. Click on the “Deactivate” button in the delete confirmation popup box.

  8. Enter the “Access key Id” in the text box and press the “Delete” button to delete the extra “Access Key”.

  9. Repeat steps 4 to 8 to check the “Access Keys” for all other IAM users.
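
The per-user check in steps 4 to 9 can be run for every user at once from the IAM credential report. The script below is an added example, not CloudSploit's own code: it goes beyond the console steps by also suggesting which key to review first (the one used least recently). It only sees keys the report marks active, and the sample rows, account ID and function names are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the column layout of the IAM credential report,
# trimmed to the columns this check reads. A real report can be fetched with:
#   aws iam generate-credential-report
#   aws iam get-credential-report --query Content --output text | base64 -d
SAMPLE_REPORT = """\
user,arn,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
alice,arn:aws:iam::111122223333:user/alice,true,2024-05-01T10:00:00+00:00,true,2023-01-15T08:30:00+00:00
bob,arn:aws:iam::111122223333:user/bob,true,2024-04-20T12:00:00+00:00,false,N/A
carol,arn:aws:iam::111122223333:user/carol,true,N/A,true,2024-03-03T09:00:00+00:00
"""

NEVER = datetime.min.replace(tzinfo=timezone.utc)


def _last_used(value):
    """Parse a last-used timestamp; non-date values such as 'N/A' mean never used."""
    try:
        parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return NEVER
    # Treat a timestamp without an offset as UTC so comparisons never mix types.
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def find_extra_keys(report_csv):
    """Return one finding per user whose report row shows both keys active."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["access_key_1_active"] != "true" or row["access_key_2_active"] != "true":
            continue  # zero or one active key: passes this check
        used = {n: _last_used(row[f"access_key_{n}_last_used_date"]) for n in (1, 2)}
        stale = min(used, key=used.get)  # least recently used key slot
        findings.append({
            "user": row["user"],
            "arn": row["arn"],
            "review_first": f"access_key_{stale}",
            "never_used": used[stale] == NEVER,
        })
    return findings


if __name__ == "__main__":
    for finding in find_extra_keys(SAMPLE_REPORT):
        note = "never used" if finding["never_used"] else "least recently used"
        print(f'{finding["user"]}: two active keys; review {finding["review_first"]} ({note})')
```

Confirm in the console, as in step 5, that no application still depends on the suggested key before deleting it.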