Ensure IAM user accounts that have not been used for the past 30 days are disabled

IAM users that have not actively used the AWS console for a long period of time should be disabled. For this reason, it is considered a security best practice to disable stale users. Ensuring that your account is restricted with MFA will help you with CIS and NIST compliance.

Audit & Remediation

  • Log in to your AWS account (with your root account)
  • Navigate to the IAM service at: https://console.aws.amazon.com/iam
  • On the left hand panel, select Users.
  • Under the Last activity column, look for users whose value is greater than 30 days.
  • For each account that you have determined to be stale, select the link of that IAM user.
  • Under Summary, select Security credentials, then next to Console password select Manage.
  • Under Manage console access, next to Console access, select Disable.
  • Repeat the outlined steps for each user account that has passed the 30-day mark.
  • Repeat the outlined steps in each of your accounts.
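
The same audit can be run against the IAM credential report instead of opening each user in the console. The following is an added example, not part of the original page: it assumes a report retrieved with `aws iam get-credential-report`, treats last activity as the most recent of console password use and access key use, and measures never-used accounts from their creation time. The sample rows, account ID and user names are constructed.

```python
import csv
import io
import shlex
from datetime import datetime, timedelta, timezone

# Constructed sample in the IAM credential report CSV layout (only the columns used here).
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,password_last_used,access_key_1_last_used_date,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,2020-01-01T00:00:00+00:00,not_supported,2024-05-30T10:00:00+00:00,N/A,N/A
alice,arn:aws:iam::111122223333:user/alice,2022-03-01T00:00:00+00:00,true,2024-05-28T09:00:00+00:00,N/A,N/A
bob,arn:aws:iam::111122223333:user/bob,2021-06-01T00:00:00+00:00,true,2024-01-15T09:00:00+00:00,N/A,N/A
carol,arn:aws:iam::111122223333:user/carol,2021-06-01T00:00:00+00:00,true,2023-11-02T09:00:00+00:00,2024-05-25T12:00:00+00:00,N/A
dave,arn:aws:iam::111122223333:user/dave,2023-02-01T00:00:00+00:00,true,no_information,N/A,N/A
erin,arn:aws:iam::111122223333:user/erin,2024-05-20T00:00:00+00:00,true,no_information,N/A,N/A
svc-build,arn:aws:iam::111122223333:user/svc-build,2021-01-01T00:00:00+00:00,false,N/A,2023-01-01T00:00:00+00:00,N/A
"""

ACTIVITY_COLUMNS = ("password_last_used", "access_key_1_last_used_date", "access_key_2_last_used_date")

def _ts(value):
    """Parse a report timestamp; 'N/A' and 'no_information' carry no timestamp."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None

def stale_console_users(report_csv, now, max_idle_days=30):
    """Return [(user, idle_days)] for users with console access idle longer than max_idle_days."""
    stale = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["password_enabled"] != "true":
            continue  # root reports 'not_supported'; users without a console password report 'false'
        seen = [t for t in map(_ts, (row[c] for c in ACTIVITY_COLUMNS)) if t]
        # Assumption: a never-used account is aged from creation, so a new user is not flagged on day one.
        last = max(seen) if seen else _ts(row["user_creation_time"])
        idle = now - last
        if idle > timedelta(days=max_idle_days):
            stale.append((row["user"], idle.days))
    return stale

def remediation_commands(stale):
    """CLI equivalent of selecting Disable for console access: remove the login profile."""
    return [f"aws iam delete-login-profile --user-name {shlex.quote(user)}" for user, _ in stale]

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed date so the constructed sample is reproducible
    stale = stale_console_users(SAMPLE_REPORT, now)
    for user, days in stale:
        print(f"{user}: idle {days} days")
    print("\n".join(remediation_commands(stale)))
```

Review the generated commands before running them; the script only prints them and changes nothing in the account.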