Plugin Title Access Keys Extra
Cloud AWS
Category IAM
Description Detects the use of more than one access key by any single user
More Info Having more than one access key for a single user increases the chance of accidental exposure. Each account should only have one key that defines the users permissions.
AWS Link http://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingCredentials.html
Recommended Action Remove the extra access key for the specified user.


Detailed Remediation Steps

  1. Log into the AWS Management Console.
  2. Select the "Services" option and search for IAM.
  3. Scroll down the left navigation panel and choose "Users".
  4. Select the "User" that needs to be verified and click on the "User name" to access the selected "IAM User".
  5. Click on the "Security Credentials" under the configuration page.
  6. Scroll down and under "Security Credentials" check the number of "Access Key ID". If there are more than "One Access Key ID" for the selected user than it increases the chance of accidental exposure.
  7. Repeat the steps number 4 - 6 to check the "Access Keys" for another user.
  8. To remove the extra "Access Key" click on "Security Credentials" under IAM user configuration page and select the "Access Key ID" which needs to be removed.
  9. Click on the cross(×) symbol at the extreme right to remove the selected key.
  10. Click on "Delete" button under "Delete access key" tab to delete the extra "Access Key".

Want to scan for this risk automatically?

Get Started Now