> ## Documentation Index
> Fetch the complete documentation index at: https://cloudanix.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Deleteservercertificate

### Event Information

* The DeleteServerCertificate event in AWS for IAM refers to the action of deleting a server certificate from the AWS Identity and Access Management (IAM) service.
* This event indicates that a server certificate, which is used for secure communication between a client and a server, has been removed from the IAM service.
* Deleting a server certificate can impact any resources or services that rely on this certificate for secure communication, and it is important to ensure that any affected resources are updated with a new certificate if necessary.

### Examples

* Accidental deletion: If a user with sufficient permissions accidentally deletes a server certificate, it can impact the security of the IAM environment. This can lead to disruption of services that rely on the certificate for authentication or encryption.

* Unauthorized deletion: If an attacker gains access to an IAM user or role with permissions to delete server certificates, they can maliciously delete a certificate. This can result in unauthorized access to resources or data that were protected by the certificate.

* Lack of certificate backup: If a server certificate is deleted without a proper backup, it can lead to downtime and potential security risks. Without a backup, it may be challenging to restore the certificate and resume normal operations, impacting the security of the environment.

### Remediation

#### Using Console

1. Example 1: Enforce strong password policy for IAM users
   * Step 1: Login to the AWS Management Console.
   * Step 2: Go to the IAM service.
   * Step 3: Click on "Account settings" in the left navigation pane.
   * Step 4: Under the "Password policy" section, click on "Edit".
   * Step 5: Configure the password policy settings according to your requirements, such as minimum password length, password complexity requirements, and password expiration.
   * Step 6: Click on "Apply password policy" to save the changes.

2. Example 2: Enable multi-factor authentication (MFA) for IAM users
   * Step 1: Login to the AWS Management Console.
   * Step 2: Go to the IAM service.
   * Step 3: Click on "Users" in the left navigation pane.
   * Step 4: Select the IAM user for which you want to enable MFA.
   * Step 5: Click on the "Security credentials" tab.
   * Step 6: Under the "Multi-factor authentication (MFA)" section, click on "Manage MFA".
   * Step 7: Follow the on-screen instructions to set up MFA for the user, either by using a virtual MFA device or a hardware MFA device.

3. Example 3: Enable AWS CloudTrail for logging IAM events
   * Step 1: Login to the AWS Management Console.
   * Step 2: Go to the CloudTrail service.
   * Step 3: Click on "Trails" in the left navigation pane.
   * Step 4: Click on "Create trail".
   * Step 5: Provide a name for the trail and choose the S3 bucket where the logs will be stored.
   * Step 6: Under the "Management events" section, enable logging for IAM events.
   * Step 7: Configure any additional settings as required and click on "Create trail" to create the CloudTrail trail.

#### Using CLI

1. Ensure IAM users have strong passwords:
   * Use the `update-login-profile` command to set a strong password for an IAM user:
     ```
     aws iam update-login-profile --user-name <IAM_USER_NAME> --password <NEW_PASSWORD> --password-reset-required
     ```

2. Enable multi-factor authentication (MFA) for IAM users:
   * Use the `enable-mfa-device` command to enable MFA for an IAM user:
     ```
     aws iam enable-mfa-device --user-name <IAM_USER_NAME> --serial-number <MFA_DEVICE_SERIAL_NUMBER> --authentication-code1 <CODE1> --authentication-code2 <CODE2>
     ```

3. Remove unnecessary IAM access keys:
   * Use the `delete-access-key` command to delete an IAM access key:
     ```
     aws iam delete-access-key --user-name <IAM_USER_NAME> --access-key-id <ACCESS_KEY_ID>
     ```

#### Using Python

1. Ensure IAM users have strong passwords:
   * Use the `boto3` library in Python to retrieve a list of IAM users.
   * For each user, check if their password is strong by validating it against a set of password complexity rules.
   * If a user's password is weak, use the `update_login_profile` method to force a password reset for that user.

```python theme={null}
import boto3
import re

def check_password_complexity(password):
    # Implement your password complexity rules here
    # Example: Password must be at least 8 characters long and contain at least one uppercase letter, one lowercase letter, and one digit
    if len(password) < 8 or not re.search(r'[A-Z]', password) or not re.search(r'[a-z]', password) or not re.search(r'\d', password):
        return False
    return True

def remediate_weak_passwords():
    iam_client = boto3.client('iam')
    users = iam_client.list_users()['Users']
    
    for user in users:
        login_profile = iam_client.get_login_profile(UserName=user['UserName'])
        if 'LoginProfile' in login_profile:
            password = login_profile['LoginProfile'].get('Password')
            if password and not check_password_complexity(password):
                iam_client.update_login_profile(UserName=user['UserName'], PasswordResetRequired=True)
```

2. Enable multi-factor authentication (MFA) for IAM users:
   * Use the `boto3` library in Python to retrieve a list of IAM users.
   * For each user, check if MFA is enabled by calling the `list_mfa_devices` method.
   * If MFA is not enabled, use the `enable_mfa` method to enable it for the user.

```python theme={null}
import boto3

def remediate_missing_mfa():
    iam_client = boto3.client('iam')
    users = iam_client.list_users()['Users']
    
    for user in users:
        mfa_devices = iam_client.list_mfa_devices(UserName=user['UserName'])['MFADevices']
        if not mfa_devices:
            iam_client.enable_mfa(UserName=user['UserName'])
```

3. Remove unused IAM access keys:
   * Use the `boto3` library in Python to retrieve a list of IAM users.
   * For each user, check if they have any access keys by calling the `list_access_keys` method.
   * If the user has unused access keys, use the `delete_access_key` method to remove them.

```python theme={null}
import boto3

def remediate_unused_access_keys():
    iam_client = boto3.client('iam')
    users = iam_client.list_users()['Users']
    
    for user in users:
        access_keys = iam_client.list_access_keys(UserName=user['UserName'])['AccessKeyMetadata']
        for access_key in access_keys:
            if access_key['Status'] == 'Inactive':
                iam_client.delete_access_key(UserName=user['UserName'], AccessKeyId=access_key['AccessKeyId'])
```
