AWS IAM

Extra Access Keys

This plugin detects the use of more than one access key by any single user.

Risk Level: Medium

Description:

This plugin detects the use of more than one access key by any single user. Having more than one access key for a single user increases the chance of accidental exposure. Each user should have only one access key carrying that user's permissions.

PingSafe strongly recommends removing the extra access key for the specified user.

Note:

AWS refreshes the Credential Report at most once every 4 hours, so a key you have just removed may still appear in the report; check back after the next refresh. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html

About the Service:

AWS Identity and Access Management (IAM) allows you to securely manage access to AWS services and resources. With IAM, you can create and manage AWS users and groups, and use permissions to allow or deny their access to AWS resources.

You can review and adjust policies so that only the required services are accessible, which brings the configuration closer to the principle of least privilege.

Impact:

If access keys are not monitored, a user may hold more credentials than intended, and the exposure of any one of them can lead to the compromise of the service. Access keys should therefore be monitored to avoid such a compromise.

Steps to reproduce:

  1. Sign in to the AWS Management Console.
  2. Navigate to the “IAM” dashboard. (https://console.aws.amazon.com/iamv2/)
  3. Select “Users” in the left navigation panel.
  4. Click on the user that you want to examine and select “Security Credentials”.
  5. Check the Status column for each access key. If the IAM user has more than one active access key, the user configuration does not follow best practices.

Steps for remediation:

  1. Sign in to the AWS Management Console.
  2. Navigate to the “IAM” dashboard.
    https://console.aws.amazon.com/iamv2/
  3. Select “Users” in the left navigation panel.
  4. Click on the user that you want to examine and select “Security Credentials”.
  5. Check the Status column for each access key. If the IAM user has more than one active access key, the user configuration does not follow best practices.
  6. Deactivate the unused access key by clicking on the Make Inactive button.
  7. Click Deactivate to switch off the selected key.
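The same check can be run across every user at once from the IAM credential report instead of clicking through the console. The script below is an added example, not PingSafe's plugin code; it reads a constructed, column-trimmed credential report (in practice the base64 `Content` field returned by `aws iam get-credential-report`) and, for each user with two active keys, names the key slot that was used least recently or never, which is the one to deactivate first in step 6.

```python
import base64
import csv
import io

# Constructed sample of an IAM credential report, trimmed to the columns this
# check reads. The real report carries many more columns, but the
# access_key_N_active and access_key_N_last_used_date names are the same.
SAMPLE_REPORT = """user,arn,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,arn:aws:iam::111111111111:root,false,N/A,false,N/A
alice,arn:aws:iam::111111111111:user/alice,true,2024-05-01T10:00:00+00:00,true,N/A
bob,arn:aws:iam::111111111111:user/bob,true,2024-05-02T09:30:00+00:00,false,N/A
carol,arn:aws:iam::111111111111:user/carol,true,2024-03-15T08:00:00+00:00,true,2024-04-20T12:00:00+00:00
"""

KEY_SLOTS = ("access_key_1", "access_key_2")


def decode_report(content_b64: str) -> str:
    """Turn the base64 'Content' field of get-credential-report into CSV text."""
    return base64.b64decode(content_b64).decode("utf-8")


def _active(row: dict, slot: str) -> bool:
    return row.get(f"{slot}_active", "").strip().lower() == "true"


def _last_used(row: dict, slot: str) -> str:
    # "N/A" means the key has never been used; an empty string sorts before
    # any real timestamp, so a never-used key is always the first candidate.
    value = row.get(f"{slot}_last_used_date", "N/A").strip()
    return "" if value in ("N/A", "no_information") else value


def find_extra_keys(report_csv: str) -> dict:
    """Map each user with more than one active access key to the key slot
    to deactivate first: the one used least recently (or never)."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        active = [slot for slot in KEY_SLOTS if _active(row, slot)]
        if len(active) < 2:
            continue
        # ISO 8601 timestamps in the report compare correctly as strings.
        findings[row["user"]] = min(active, key=lambda s: _last_used(row, s))
    return findings


if __name__ == "__main__":
    for user, slot in find_extra_keys(SAMPLE_REPORT).items():
        print(f"{user}: more than one active key, deactivate {slot} first")
```

Because the report is refreshed at most every 4 hours, rerun the check after the next refresh to confirm the deactivation took effect.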
