UNKNOWN
Source
CloudSploit
ID
users-password-last-used

Users Password Last Used

Detects users with password logins that have not been used

Having numerous, unused user accounts extends the attack surface.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log into the AWS Management Console.

  2. Select the “Services” option and search for IAM. Step

  3. Scroll down the left navigation panel and choose “Users”. Step

  4. Select the “User” that needs to be verified and click on the “User name” to access the selected “IAM User”.Step

  5. Click on the “Security Credentials” under the configuration page.Step

  6. Scroll down the “Security Credentials” tab and check the “Console password”.Check the “Console password” section for “last signed in”. If “last signed in” is showing for the period more than 180 days than the password is not been used for a period of time.Step

  7. Repeat steps number 2 - 6 to verify for other IAM users.

  8. Go to the “Users” page and select the “User” whose password is not been used for a period of time now. Step

  9. Click on the “Delete user” button at the top to delete the selected user. Step

  10. On the “Delete user” tab click on the “Yes, delete” button to delete the selected IAM user. Step

  11. Repeat steps number 8 - 10 to delete the other IAM users whose passwords are not used for a period of time.