User Account Should Not Have Multiple Access Keys
More Info:
An IAM user should hold at most one access key; multiple active access keys for the same user should be avoided. Every extra key is another long-lived credential that can leak, and a second key is usually a leftover from a rotation that was never finished. The only time two keys are expected is the short overlap window during rotation, after which the old key should be deactivated and then deleted.
Risk Level: Medium
Address: Security
Compliance Standards: CISAWS, CBP, HITRUST
Triage and Remediation
Remediation
Here are the step-by-step instructions to remediate the misconfiguration “User Account Should Not Have Multiple Access Keys” for AWS using the AWS console:
- Log in to the AWS Management Console with your AWS account credentials.
- Go to the “IAM” dashboard by searching “IAM” in the AWS services search bar.
- In the left navigation pane, click on “Users”.
- Select the user account that has multiple access keys.
- Click on the “Security credentials” tab.
- In the “Access keys” section, you will see all the access keys associated with the user account, together with their status (Active/Inactive) and when each was last used.
- Using the last-used information, identify the key the user's workloads actually rely on and the keys that are unused or no longer required. If both keys have been used recently, find out which system uses each one before removing either.
- For each surplus key, first set it to Inactive (Actions, then Deactivate) rather than deleting it outright. Wait long enough to confirm that nothing breaks; a deactivated key can be re-enabled, a deleted one cannot.
- Once the deactivation has proved harmless, click on “Delete” for that key and confirm the deletion when prompted.
- Repeat the previous two steps until the user has at most one access key.
- Do not create a replacement key if one key remains; that would recreate the finding. Only if every key had to be removed (for example, because the remaining one was also exposed) and the user still needs programmatic access, click “Create access key”, download the credentials with “Download .csv”, and store them securely.
By following these steps, you will remediate the misconfiguration “User Account Should Not Have Multiple Access Keys” for AWS using the AWS console.
To remediate the misconfiguration “User Account Should Not Have Multiple Access Keys” for AWS using AWS CLI, you can follow the below steps:
Step 1: List all the access keys for the user account using the following command:
aws iam list-access-keys --user-name <user-name>
Note: Replace <user-name> with the actual user name.
Step 2: Identify the unused access keys that need to be deleted. The last time each key was used can be checked with:
aws iam get-access-key-last-used --access-key-id <access-key-id>
A key that has never been used returns no LastUsedDate and a ServiceName of N/A.
Step 3: Deactivate the unused access key first, so the change can be reverted if a workload still depends on it:
aws iam update-access-key --user-name <user-name> --access-key-id <access-key-id> --status Inactive
Once you have confirmed that nothing broke, delete the key using the following command:
aws iam delete-access-key --access-key-id <access-key-id> --user-name <user-name>
Note: Replace <access-key-id> with the actual access key ID and <user-name> with the actual user name.
Step 4: Verify that the unused access keys have been deleted by running the command in step 1 again.
Repeat steps 2-4 for all the unused access keys until there is only one access key left for the user account.
Once you have ensured that there is only one access key for the user account, the misconfiguration “User Account Should Not Have Multiple Access Keys” has been remediated.
To remediate the issue of having multiple access keys for a user account in AWS, you can use the following Python script:
import boto3

# Set the name of the user whose access keys need to be checked
user_name = 'your_username_here'

# Create a connection to the IAM service (uses the credentials configured in your environment)
iam = boto3.client('iam')

# Get all the access keys for the user
access_keys = iam.list_access_keys(UserName=user_name)['AccessKeyMetadata']

# If the user has more than one access key, delete all but the most recent one.
# This assumes the newest key is the one in use; check get_access_key_last_used()
# first if you are not sure which key the user's workloads rely on.
if len(access_keys) > 1:
    # Sort the access keys by creation date, with the most recent one first
    sorted_keys = sorted(access_keys, key=lambda k: k['CreateDate'], reverse=True)
    # Delete all but the most recent access key
    for key in sorted_keys[1:]:
        iam.delete_access_key(UserName=user_name, AccessKeyId=key['AccessKeyId'])
Explanation:
- The first step is to import the boto3 library, which is the AWS SDK for Python.
- Next, we set the name of the user whose access keys need to be checked. Replace ‘your_username_here’ with the actual username.
- We create a connection to the IAM service using the boto3.client method.
- We use the list_access_keys method to get all the access keys for the user.
- If the user has more than one access key, we sort the access keys by creation date, with the most recent one first.
- We then delete all but the most recent access key using the delete_access_key method.
Note: This script assumes that AWS credentials are configured on the machine where it runs (environment variables, the shared credentials file, or an instance or role profile). If not, you will need to provide credentials in the script or use another method for authentication. The identity running it needs the iam:ListAccessKeys and iam:DeleteAccessKey permissions on the target user.
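The CLI steps and the Python script above both work on one named user and delete keys outright. The script below is an added example, not code from the original page or from any AWS tooling, and it generalizes both procedures to an account-wide audit: it walks every IAM user, attaches last-used data to each key, picks the key to keep (Active keys first, then the most recently used, then the newest) and deactivates the rest so that a wrong choice can be undone; deletion is left for a later pass once the deactivation has proved harmless. The function names, the SAMPLE_USERS data and the AKIAEXAMPLE... key IDs are my own constructions for illustration. Running it against a real account needs iam:ListUsers, iam:ListAccessKeys, iam:GetAccessKeyLastUsed and, with --apply, iam:UpdateAccessKey.

```python
"""Account-wide audit for IAM users that hold more than one access key.

Added example, not code from the original page. The decision logic lives in
pure functions so it can be exercised offline on constructed data; only the
__main__ block talks to AWS, and it deactivates rather than deletes.
"""
from __future__ import annotations

import sys
from datetime import datetime, timezone

# Sentinel for "never used" so unused keys sort below every used key.
NEVER = datetime(1970, 1, 1, tzinfo=timezone.utc)


def rank(key: dict) -> tuple:
    """Sort key: prefer Active keys, then the most recently used, then the newest."""
    return (
        key.get("Status") == "Active",
        key.get("LastUsedDate") or NEVER,
        key["CreateDate"],
    )


def plan_for_user(keys: list[dict]) -> tuple[str | None, list[str]]:
    """Return (key_to_keep, keys_to_deactivate); a compliant user yields (None, [])."""
    if len(keys) <= 1:
        return None, []
    ranked = sorted(keys, key=rank, reverse=True)
    return ranked[0]["AccessKeyId"], [k["AccessKeyId"] for k in ranked[1:]]


def audit(users: dict[str, list[dict]]) -> dict[str, dict]:
    """Map each non-compliant user to the key to keep and the keys to deactivate."""
    findings = {}
    for user_name, keys in users.items():
        keep, extras = plan_for_user(keys)
        if extras:
            findings[user_name] = {"keep": keep, "deactivate": extras}
    return findings


def fetch_users_with_keys(iam) -> dict[str, list[dict]]:
    """Walk every IAM user (paginated) and attach last-used data to each key."""
    users = {}
    for page in iam.get_paginator("list_users").paginate():
        for user in page["Users"]:
            name = user["UserName"]
            keys = []
            for kpage in iam.get_paginator("list_access_keys").paginate(UserName=name):
                for meta in kpage["AccessKeyMetadata"]:
                    used = iam.get_access_key_last_used(AccessKeyId=meta["AccessKeyId"])
                    # LastUsedDate is absent from the response when the key was never used.
                    last = used["AccessKeyLastUsed"].get("LastUsedDate")
                    keys.append({**meta, "LastUsedDate": last})
            users[name] = keys
    return users


def remediate(iam, findings: dict[str, dict], apply: bool = False) -> list[str]:
    """Deactivate surplus keys (delete later, once nothing broke); return the IDs touched."""
    touched = []
    for user_name, plan in findings.items():
        for key_id in plan["deactivate"]:
            if apply:
                iam.update_access_key(UserName=user_name, AccessKeyId=key_id, Status="Inactive")
            touched.append(key_id)
    return touched


def _day(y: int, m: int, d: int) -> datetime:
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed sample data (the key IDs are not real) to show the decision rule offline.
SAMPLE_USERS = {
    # Newer key never used, older key in daily use: keep the older one.
    "alice": [
        {"AccessKeyId": "AKIAEXAMPLE000000001", "Status": "Active", "CreateDate": _day(2023, 1, 1), "LastUsedDate": _day(2024, 5, 1)},
        {"AccessKeyId": "AKIAEXAMPLE000000002", "Status": "Active", "CreateDate": _day(2024, 4, 1), "LastUsedDate": None},
    ],
    # Single key: already compliant.
    "bob": [
        {"AccessKeyId": "AKIAEXAMPLE000000003", "Status": "Active", "CreateDate": _day(2024, 1, 1), "LastUsedDate": _day(2024, 5, 1)},
    ],
    # An Inactive key is never the one to keep, even if it was used more recently.
    "carol": [
        {"AccessKeyId": "AKIAEXAMPLE000000004", "Status": "Inactive", "CreateDate": _day(2024, 3, 1), "LastUsedDate": _day(2024, 4, 30)},
        {"AccessKeyId": "AKIAEXAMPLE000000005", "Status": "Active", "CreateDate": _day(2022, 6, 1), "LastUsedDate": _day(2024, 2, 1)},
    ],
}

if __name__ == "__main__":
    import boto3  # imported here so the pure logic above stays importable without AWS access

    client = boto3.client("iam")
    results = audit(fetch_users_with_keys(client))
    for name, plan in results.items():
        print(f"{name}: keep {plan['keep']}, deactivate {plan['deactivate']}")
    # Dry run by default; pass --apply to actually set the surplus keys to Inactive.
    remediate(client, results, apply="--apply" in sys.argv)
```

Run it once without arguments to get the report, check the listed keys against the owning workloads, then run it with --apply. Deleting the now-Inactive keys is a deliberate second step, after enough time has passed to be sure nothing authenticated with them.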