Ensure that each of your existing IAM users is used either for API access or for console access, not both, in order to reduce the risk of unauthorized access if its credentials (access keys or passwords) are compromised.
This rule can help you with the following compliance standards:
- NIST 800-53 (Rev. 4)
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
Segregating the IAM users in your account by controlling their privileges will help you maintain a secure AWS environment. Cloud Conformity strongly recommends granting your IAM users the minimum amount of privileges necessary to perform the assigned task. Application users should use only access keys to programmatically access data in AWS and administrators who need console access should use only passwords to manage AWS resources.
To determine if your IAM users have both access keys and passwords assigned for authentication, perform the following:
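One way to run this check offline, as an added example that is not part of the Cloud Conformity procedure: the Python below parses an IAM credential report and flags users that have both a console password and at least one active access key. The sample report, user names and the function name `users_with_both` are constructed for illustration; the column names follow the credential report CSV layout.

```python
import csv
import io

# Constructed sample in the IAM credential report CSV layout (subset of columns).
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,not_supported,2024-01-05T10:00:00+00:00,false,N/A,false,N/A
alice-admin,arn:aws:iam::111122223333:user/alice-admin,true,2024-03-01T09:12:00+00:00,false,N/A,false,N/A
svc-billing,arn:aws:iam::111122223333:user/svc-billing,false,N/A,true,2024-03-02T00:00:00+00:00,false,N/A
bob-dev,arn:aws:iam::111122223333:user/bob-dev,true,no_information,true,2024-02-20T14:30:00+00:00,true,N/A
"""


def users_with_both(report_csv):
    """Return one finding per user that has a password AND an active access key."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        # The root row reports "not_supported" here, so only a literal "true" counts.
        has_password = row["password_enabled"].strip().lower() == "true"
        # An IAM user can hold at most two access keys; collect the active ones.
        active_keys = [
            n for n in ("1", "2")
            if row.get(f"access_key_{n}_active", "").strip().lower() == "true"
        ]
        if has_password and active_keys:
            findings.append({
                "user": row["user"],
                "active_keys": active_keys,
                # Last-used values help decide which credential type to disable.
                "password_last_used": row["password_last_used"],
                "key_last_used": {
                    n: row.get(f"access_key_{n}_last_used_date", "N/A")
                    for n in active_keys
                },
            })
    return findings


if __name__ == "__main__":
    for f in users_with_both(SAMPLE_REPORT):
        print(f"{f['user']}: password enabled, active access keys {f['active_keys']}, "
              f"password last used {f['password_last_used']}, "
              f"keys last used {f['key_last_used']}")
```

A real report can be produced with `aws iam generate-credential-report` followed by `aws iam get-credential-report`, whose `Content` field is the base64-encoded CSV.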
Remediation / Resolution
Case A: To modify the access configuration by disabling the authentication via access keys for the required IAM users, perform the following:
Case B: To modify the access configuration by disabling the authentication via passwords for the required IAM users, perform the following:
You are auditing:
IAM User With Password And Access Keys
Risk level: Medium