Ensure that no Amazon IAM access keys are created during initial setup for any IAM user that has a console password. By default, during the IAM user setup process, the AWS Management Console enables the checkbox for creating access keys, generating unnecessary access credentials that need to be managed and protected against exposure.
This rule can help you with the following compliance standards:
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Unneeded AWS IAM access keys create extra management work in auditing and rotating IAM credentials. Even if it is known that the IAM user will need these keys, Cloud Conformity recommends creating the access keys as a separate step from IAM user creation, as a security best practice.
To identify any access keys created during IAM user initial setup, perform the following actions:
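One way to run this check offline against an IAM credential report, the CSV returned by `aws iam get-credential-report`. This is an added example, not Conformity's own audit procedure. It flags active keys on console users whose creation time matches the user's creation time, and marks the ones that were never used. The sample report rows are constructed, and both the 60-second match window and the restriction to active keys are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample in the IAM credential report CSV layout (subset of columns).
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
alice,arn:aws:iam::111122223333:user/alice,2023-04-02T09:15:10+00:00,true,true,2023-04-02T09:15:11+00:00,N/A,false,N/A,N/A
bob,arn:aws:iam::111122223333:user/bob,2023-01-10T12:00:00+00:00,true,true,2023-03-01T08:30:00+00:00,2023-06-01T10:00:00+00:00,false,N/A,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,2023-02-01T07:00:00+00:00,false,true,2023-02-01T07:00:01+00:00,2023-06-02T03:00:00+00:00,false,N/A,N/A
carol,arn:aws:iam::111122223333:user/carol,2022-11-05T14:20:00+00:00,true,true,2022-11-05T14:20:02+00:00,2023-05-20T16:45:00+00:00,true,2023-02-14T11:00:00+00:00,N/A
"""

# Assumption: a key issued within this window of user creation came from the
# "create access key" checkbox in the user setup wizard.
SETUP_WINDOW = timedelta(seconds=60)


def parse_time(value):
    """Return a datetime for ISO 8601 report values, None for N/A and similar."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def keys_created_at_setup(report_csv, window=SETUP_WINDOW):
    """Return (user, key_slot, never_used) for each active key created at user setup."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        # The rule only covers IAM users that have a console password.
        if row["password_enabled"] != "true":
            continue
        created = parse_time(row["user_creation_time"])
        for slot in ("access_key_1", "access_key_2"):
            issued = parse_time(row[f"{slot}_last_rotated"])
            if row[f"{slot}_active"] != "true" or not created or not issued:
                continue
            if abs(issued - created) <= window:
                never_used = row[f"{slot}_last_used_date"] == "N/A"
                findings.append((row["user"], slot, never_used))
    return findings


if __name__ == "__main__":
    for user, slot, never_used in keys_created_at_setup(SAMPLE_REPORT):
        status = "never used" if never_used else "in use"
        print(f"{user}: {slot} created at user setup ({status})")
```

Keys reported as never used are the unnecessary and unused credentials the remediation targets. Keys reported as in use need an owner review before they are deactivated.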
Remediation / Resolution
To remove any unnecessary and unused AWS IAM access keys, perform the following actions:
You are auditing:
Access Keys During Initial IAM User Setup
Risk level: Medium