Unused Access Keys

This plugin detects the access keys that have not been used for a period of time and that should be decommissioned.

Risk Level: High

Description: 

This plugin detects the access keys that have not been used for a period of time and that should be decommissioned. Having numerous, unused access keys extends the attack surface. Access keys should be removed if they are no longer being used.

PingSafe strongly recommends logging into the IAM portal and remove the offending access key.

About the Service :

AWS ID and Access Management (IAM) allows you to securely manage access to AWS services and resources. With IAM, AWS users and groups can be established and managed and permissions used to enable access by AWS resources and prohibit them.

We can discover and adjust the rules so that only the services are accessible. We can thus adhere better to the less privileged principle.

Impact : 

In the presence of numerous unused access keys the attack surface increases. Hence, to avoid any such compromise or any such impacts access keys should be monitored and unused access keys should be removed.

Steps to reproduce :

  1. Sign-in to AWS management console.
  2. Navigate to the “IAM” dashboard.
    https://console.aws.amazon.com/iamv2/ 
  3. Select “Users” in the left navigation panel.
  4. Click on the User that you want to examine and select “Security Credentials”.
  5. Check the current status of the user in the “Status” column. If the IAM user has more than one access key activated that suggests that the user configuration does not follow best practices.

Steps for remediation :

  1. Sign-in to AWS management console.
  2. Navigate to the “IAM” dashboard. (https://console.aws.amazon.com/iamv2/ )
  3. Select “Users” in the left navigation panel.
  4. Click on the User that you want to examine and select “Security Credentials”.
  5. Check the current status of the user in the ”Status” column. If the IAM user has more than one access key activated that suggests that the user configuration does not follow best practices.
  6. Deactivate the non-operational access key by clicking on the “Make Inactive” button.
  7. Click Deactivate to switch off the selected key.

References: