IAM users that have been granted privileges to create, manage, query or delete access keys without restriction

Tenacity Id: iam-user-014

Risk Level: 3

Categories:

Last Updated: April 21, 2022

An Identity and Access Management (IAM) user has been granted privileges to create, manage, query and delete access keys without restriction. These privileges should be strictly controlled to mitigate the security risk in the event an IAM resource is compromised. AWS provides five IAM permissions for access keys (iam:DeleteAccessKey, iam:GetAccessKeyLastUsed, iam:UpdateAccessKey, iam:CreateAccessKey, iam:ListAccessKeys), and all five can be restricted. Update the IAM user's permissions to remove these privileges.