
Unused IAM User Credentials Removal Rule

This rule emphasizes the removal of unused IAM user credentials to enhance security measures.

Rule: Unused IAM user credentials should be removed
Framework: AWS Foundational Security Best Practices
Severity: Medium

Rule Description

Unused IAM user credentials are long-lived secrets that nobody is watching: a forgotten access key or console password still works if it leaks, and no one is looking for the activity it produces. AWS Foundational Security Best Practices recommends removing such credentials regularly; the corresponding AWS Security Hub control flags IAM user passwords and active access keys that have not been used in the last 90 days. Removing them ensures that only active, authorized IAM users retain access to your AWS resources, reducing the opportunity for unauthorized access and shrinking the attack surface.

Troubleshooting Steps

If you encounter issues while removing unused IAM user credentials, follow these troubleshooting steps:

  1. Confirm the access key is not in use by any application or service: check the key's last-used date in the IAM console or the credential report, and search CloudTrail for recent API calls made with that key.
  2. Confirm the IAM user has no active console sessions or open connections to AWS resources.
  3. Check whether any running instances, containers or scheduled jobs still hold the user's credentials in their configuration. Where they do, replace the key with an IAM role attached to the workload rather than issuing a new long-lived key.
  4. Review third-party integrations and services that may have been configured with the credentials.
  5. Review the user's group memberships and attached policies so you know what the credentials were permitted to do. Group membership grants permissions, not credentials, so it is not by itself a reason to keep a key.

Necessary Codes

No code is required. Removal can be done in the AWS Management Console or with the AWS CLI: "aws iam generate-credential-report" and "aws iam get-credential-report" to find unused credentials, then "aws iam update-access-key", "aws iam delete-access-key" and "aws iam delete-login-profile" to deactivate and remove them.

Step-by-Step Guide for Remediation

Follow the steps below to remove unused IAM user credentials:

  1. Sign in to the AWS Management Console with an identity that has IAM administrative permissions.
  2. Open the IAM service.
  3. In the left navigation pane, click "Users" to view the list of existing IAM users.
  4. Identify unused credentials from the "Last Used" and "Access Key 1/2" columns, or download the credential report ("Credential report" in the left navigation pane), which lists the last-used date of every user's password and access keys. Credentials that have not been used for an extended period (the AWS Security Hub control for this rule uses 90 days) are candidates for removal.
  5. Select the user and open the "Security credentials" tab.
  6. Under "Access keys", record the access key ID of each unused key for the audit trail. The secret access key is only shown when the key is created and cannot be exported later, so there is nothing else to retain.
  7. Set each unused key to "Inactive" first. Deactivation is reversible, so a dependency you missed fails loudly without the key being lost. Once nothing breaks, click "Delete" next to the key and confirm to remove it permanently.
  8. After the access keys are gone, check the user for remaining credentials: a console password and MFA devices.
  9. To remove an unused password, scroll to the "Login Profile" section, click "Manage password" and follow the prompts to remove the user's console password.
  10. To remove an unused MFA device, scroll to the "Multi-factor authentication" section, click "Manage MFA", and deactivate and remove the device.
  11. Repeat steps 4 to 10 for each IAM user so that every unused credential is removed.
  12. Update any documentation or scripts that reference the deleted credentials to avoid operational surprises. If the user has no remaining purpose, delete the user rather than leaving an empty identity behind.

Removing unused credentials shrinks the set of long-lived secrets an attacker can steal or replay. Review the credential report on a schedule and remove newly identified unused credentials as they appear.
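The review in steps 4 to 12 can be scripted against the IAM credential report. The following is an added example written for this page; it is not code from the original page, from Cloud Defense or from AWS. It assumes the CSV layout returned by "aws iam get-credential-report" (the base64 Content field, decoded), embeds a constructed sample report, uses a fixed "now" so the result is reproducible, and treats the 90-day threshold, the fallback to the credential's issue date for never-used credentials, and the placeholder in the deactivation command as assumptions you can change.

```python
"""Find unused IAM user credentials in a credential report and emit the AWS
CLI commands that remediate them.

Fetch a live report with:
  aws iam generate-credential-report
  aws iam get-credential-report --query Content --output text
and pass the base64 text to decode_report().
"""
import base64
import csv
import io
from datetime import datetime, timezone

# Age after which a password or access key counts as unused. 90 days matches
# the AWS Security Hub control for this rule (assumption: adjust to policy).
MAX_UNUSED_DAYS = 90

# Constructed sample report: a subset of the real column names, with the
# placeholder values (N/A, no_information, not_supported) the report uses.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::123456789012:root,2020-01-01T00:00:00+00:00,not_supported,no_information,not_supported,true,false,N/A,N/A,false,N/A,N/A
alice,arn:aws:iam::123456789012:user/alice,2021-03-10T09:00:00+00:00,true,2024-05-30T08:12:00+00:00,2024-01-15T10:00:00+00:00,true,true,2024-04-01T00:00:00+00:00,2024-05-29T11:00:00+00:00,false,N/A,N/A
bob,arn:aws:iam::123456789012:user/bob,2021-06-20T12:00:00+00:00,true,2023-11-02T14:45:00+00:00,2023-06-01T00:00:00+00:00,false,true,2023-06-01T00:00:00+00:00,N/A,true,2024-02-10T00:00:00+00:00,2024-05-20T07:30:00+00:00
ci-deploy,arn:aws:iam::123456789012:user/ci-deploy,2022-02-02T00:00:00+00:00,false,no_information,N/A,false,true,2024-05-01T00:00:00+00:00,2024-05-31T02:00:00+00:00,false,N/A,N/A
"""

# Fixed evaluation time for the sample; use datetime.now(timezone.utc) live.
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


def decode_report(content_b64):
    """Decode the base64 Content field of get-credential-report into CSV text."""
    return base64.b64decode(content_b64).decode("utf-8")


def parse_timestamp(value):
    """Aware datetime for an ISO 8601 report value, None for placeholders."""
    if value in ("", "N/A", "no_information", "not_supported"):
        return None
    return datetime.fromisoformat(value)


def find_unused_credentials(report_csv, now, max_unused_days=MAX_UNUSED_DAYS):
    """Return one finding per enabled password / active access key that has
    not been used within max_unused_days. A credential that was never used is
    aged from its issue date (user creation for passwords, last rotation for
    keys); this fallback is an assumption of the example."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] == "<root_account>":
            continue  # root is not an IAM user; review its credentials separately
        checks = []
        if row["password_enabled"] == "true":
            checks.append(("password",
                           parse_timestamp(row["password_last_used"]),
                           parse_timestamp(row["user_creation_time"])))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] == "true":
                checks.append((f"access_key_{n}",
                               parse_timestamp(row[f"access_key_{n}_last_used_date"]),
                               parse_timestamp(row[f"access_key_{n}_last_rotated"])))
        for credential, last_used, issued in checks:
            age_days = (now - (last_used or issued)).days
            if age_days > max_unused_days:
                findings.append({"user": row["user"], "credential": credential,
                                 "never_used": last_used is None,
                                 "age_days": age_days})
    return findings


def remediation_commands(findings):
    """AWS CLI commands for each finding. Keys are deactivated first because
    that is reversible; delete with `aws iam delete-access-key` once nothing
    breaks. The report carries no key IDs, so list-access-keys is emitted to
    look them up and the deactivation command carries a placeholder."""
    commands, listed = [], set()
    for f in findings:
        user = f["user"]
        if f["credential"] == "password":
            commands.append(f"aws iam delete-login-profile --user-name {user}")
            continue
        if user not in listed:
            commands.append(f"aws iam list-access-keys --user-name {user}")
            listed.add(user)
        commands.append(f"aws iam update-access-key --user-name {user} "
                        "--access-key-id <ACCESS_KEY_ID from list-access-keys> "
                        "--status Inactive")
    return commands


if __name__ == "__main__":
    found = find_unused_credentials(SAMPLE_REPORT, SAMPLE_NOW)
    for f in found:
        state = "never used" if f["never_used"] else f"unused for {f['age_days']} days"
        print(f"{f['user']}: {f['credential']} {state}")
    print("\n".join(remediation_commands(found)))
```

On the sample, only bob is flagged: a console password last used 211 days ago and an access key that was never used in the 366 days since it was issued. The commands are printed rather than executed so that the deactivation step stays a deliberate, reviewed action; the access key IDs must be filled in from the list-access-keys output before running them.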
