Identify and remediate public cloud compliance misconfigurations, mitigate security threats and control your expenses from one simple, easy to use platform.
iam-user-014
Last Updated:
April 21, 2022
An Identity Access and Management (IAM) user has been granted privileges to create, manage, query and delete access keys without restriction. These privileges should be strictly controlled to mitigate the security risk in the event an Identity Access and Management (IAM) resource is compromised. AWS provides five IAM permissions for access keys (iam:DeleteAccessKey iam:GetAccessKeyLastUsed iam:UpdateAccessKey iam:CreateAccessKey iam:ListAccessKeys) and all five can be restricted. Update IAM user permissions to remove these privileges.
