This rule emphasizes the removal of unused IAM user credentials to enhance security measures.
| Rule | Unused IAM user credentials should be removed |
| --- | --- |
| Framework | AWS Foundational Security Best Practices |
| Severity | Medium |
Rule Description
Unused IAM user credentials pose a security risk to your AWS environment. Per AWS Foundational Security Best Practices, unused IAM user credentials should be removed regularly. This rule checks that only active and authorized IAM users retain access to your AWS resources, reducing the potential for unauthorized access and minimizing the attack surface.
Troubleshooting Steps
If you encounter issues while removing unused IAM user credentials, follow these troubleshooting steps:
Necessary Codes
No specific codes are required for removing unused IAM user credentials. This process is performed within the AWS Management Console or using AWS CLI commands.
Step-by-Step Guide for Remediation
Follow the steps below to remove unused IAM user credentials:
1. Sign in to the AWS Management Console using an account with administrative privileges.
2. Go to the IAM service.
3. In the left navigation pane, click on "Users" to view the list of existing IAM users.
4. Identify the unused IAM user credentials by checking the "Last Used" and "Access Key 1/2" columns. Credentials that have not been used for an extended period are likely to be unused.
5. Select the unused IAM user and click on the "Security credentials" tab.
6. Under the "Access keys" section, if you find any unused access keys, note them down or export them if required for auditing purposes.
7. Click on the "Delete" button next to the unused access key(s) to permanently remove them. Confirm the action when prompted.
8. After deleting the unused access keys, check for any remaining unused IAM user credentials, such as passwords or MFA devices.
9. To remove unused passwords, scroll to the "Login Profile" section and click on "Manage password" next to the user. Follow the prompts to remove the password from the IAM user.
10. To remove unused MFA devices, scroll down to the "Multi-factor authentication" section and click on "Manage MFA" next to the IAM user. Deactivate and remove any unused MFA devices.
11. Repeat steps 4 to 10 for each IAM user to ensure all unused credentials are removed.
12. Finally, update any documentation or scripts that may reference the deleted IAM user credentials to avoid any operational issues.
By following these steps, you can successfully remove unused IAM user credentials and ensure the security of your AWS environment. Remember to regularly review and remove any newly identified unused credentials to maintain a secure infrastructure.
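The identification step above is tedious to do per user in the console; the following added example (not part of the original rule text) does the same check over an IAM credential report, the CSV that `aws iam get-credential-report` returns, and lists console passwords and active access keys not used within a threshold. The 90-day threshold, the user names, ARNs and timestamps in the sample report are all constructed assumptions for this example; removal of what it flags remains the manual steps 5 to 10.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample credential report: same columns that IAM's
# GetCredentialReport returns; all users, ARNs and timestamps are made up.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service
alice,arn:aws:iam::111111111111:user/alice,2023-01-10T09:00:00+00:00,true,2024-05-28T08:12:00+00:00,2024-01-02T00:00:00+00:00,N/A,true,true,2024-03-01T00:00:00+00:00,2024-05-29T10:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A
bob,arn:aws:iam::111111111111:user/bob,2022-06-01T09:00:00+00:00,true,2023-11-15T08:00:00+00:00,2023-06-01T00:00:00+00:00,N/A,false,true,2023-06-01T00:00:00+00:00,N/A,N/A,N/A,true,2024-04-01T00:00:00+00:00,2024-05-20T12:00:00+00:00,eu-west-1,ec2
svc-deploy,arn:aws:iam::111111111111:user/svc-deploy,2021-02-01T09:00:00+00:00,false,N/A,N/A,N/A,false,true,2021-02-01T00:00:00+00:00,2023-09-01T00:00:00+00:00,us-east-1,lambda,false,N/A,N/A,N/A,N/A
"""


def _parse_ts(value):
    """IAM writes ISO-8601 timestamps, or N/A / no_information when absent."""
    if value in ("", "N/A", "no_information"):
        return None
    return datetime.fromisoformat(value)


def find_unused_credentials(report_csv, now, max_age_days=90):
    """Return (user, credential) pairs for console passwords and active access
    keys that have not been used within max_age_days. A credential that has
    never been used is judged by when it was set or last rotated, so a
    brand-new key is not flagged. The 90-day default is an assumption."""
    cutoff = now - timedelta(days=max_age_days)
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if user == "<root_account>":  # root is outside the scope of this rule
            continue
        if row["password_enabled"] == "true":
            last = _parse_ts(row["password_last_used"]) or _parse_ts(row["password_last_changed"])
            if last is None or last < cutoff:
                findings.append((user, "password"))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue  # inactive or absent keys cannot be used anyway
            last = (_parse_ts(row[f"access_key_{n}_last_used_date"])
                    or _parse_ts(row[f"access_key_{n}_last_rotated"]))
            if last is None or last < cutoff:
                findings.append((user, f"access_key_{n}"))
    return findings
```

Against a live account, replace SAMPLE_REPORT with the CSV body obtained from `generate-credential-report` followed by `get-credential-report`, and pass the current UTC time as `now`.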