Root Account Has Active Access Keys

  • Query id: e71d0bc7-d9e8-4e6e-ae90-0a4206db6f40
  • Query name: Root Account Has Active Access Keys
  • Platform: Ansible
  • Severity: High
  • Category: Insecure Configurations
  • CWE: 710
  • URL: Github

Description

The AWS root account must not have active access keys. Root credentials grant unrestricted access to every resource in the account and cannot be constrained by IAM policies, so any access key that exists for the root user must be inactive (and should preferably be deleted, with day-to-day work done through IAM users or roles instead). In Ansible, this query reports `community.aws.iam` tasks that manage a user named root with `access_key_state: active`.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
# this is problematic code for which the query should report a result
- name: Create two new IAM users with API keys
  community.aws.iam:
    iam_type: user
    name: "{{ root }}"            # resolves to the root user; the loop items are never used
    state: present
    password: "{{ temp_pass }}"
    access_key_state: active      # flagged: leaves root with an active access key
  loop:
    - jcleese
    - mpython

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
# this is correct code for which the query should not find any result
- name: Create two new IAM users with API keys
  community.aws.iam:
    iam_type: user
    name: '{{ root }}'            # still targets the root user, but its keys stay inactive
    state: present
    password: '{{ temp_pass }}'
    access_key_state: inactive    # any root access key is deactivated, so the query passes
  loop:
    - jcleese
    - mpython
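As an added example (not code from the KICS page or from the KICS query itself), the following Python reproduces the rule as a stand-alone check over Ansible tasks that have already been loaded from YAML into Python dictionaries; the two samples above are embedded as the structures a YAML loader returns for them. Two things here are assumptions that go beyond what the page states: the root-name heuristic (a literal `root`, or a Jinja2 template consisting only of a variable called `root`), and the extra handling of `access_key_state: create`, which also produces a new, and therefore active, key.

```python
"""Flag Ansible tasks that leave the AWS root user with an active access key.

Added example, not KICS code. Mirrors the page's rule: a community.aws.iam
task with iam_type user, a root user name and access_key_state active.
"""
import re
from typing import Any, Dict, Iterable, List

# Module names under which the task may appear (FQCN and legacy short name).
IAM_MODULES = ("community.aws.iam", "iam")

# Assumption: the user is root when the name is the literal "root" (any case)
# or a template whose only content is a variable named root, e.g. "{{ root }}".
_ROOT_TEMPLATE = re.compile(r"^\s*\{\{\s*root\s*\}\}\s*$")

# 'active' is what the page's query flags; 'create' is added here because a
# newly created key is active by default (assumption, beyond the page's rule).
ACTIVE_KEY_STATES = ("active", "create")


def is_root_user(name: Any) -> bool:
    """True when the task's name parameter designates the root user."""
    if not isinstance(name, str):
        return False
    return name.strip().lower() == "root" or bool(_ROOT_TEMPLATE.match(name))


def task_violates(task: Dict[str, Any]) -> bool:
    """True when a single task gives the root user an active access key."""
    for module in IAM_MODULES:
        params = task.get(module)
        if not isinstance(params, dict):
            continue
        if params.get("state") == "absent":
            continue  # the user and its keys are being removed, nothing is activated
        if params.get("iam_type") != "user":
            continue
        if not is_root_user(params.get("name")):
            continue
        if params.get("access_key_state") in ACTIVE_KEY_STATES:
            return True
    return False


def find_violations(tasks: Iterable[Dict[str, Any]]) -> List[str]:
    """Return the names of offending tasks (unnamed tasks are reported by index)."""
    findings = []
    for idx, task in enumerate(tasks):
        if task_violates(task):
            findings.append(task.get("name", f"task #{idx}"))
    return findings


# The page's two samples, as a YAML loader would return them (constructed here).
POSITIVE_TASKS = [
    {
        "name": "Create two new IAM users with API keys",
        "community.aws.iam": {
            "iam_type": "user",
            "name": "{{ root }}",
            "state": "present",
            "password": "{{ temp_pass }}",
            "access_key_state": "active",
        },
        "loop": ["jcleese", "mpython"],
    }
]

NEGATIVE_TASKS = [
    {
        "name": "Create two new IAM users with API keys",
        "community.aws.iam": {
            "iam_type": "user",
            "name": "{{ root }}",
            "state": "present",
            "password": "{{ temp_pass }}",
            "access_key_state": "inactive",
        },
        "loop": ["jcleese", "mpython"],
    }
]

if __name__ == "__main__":
    print("positive sample findings:", find_violations(POSITIVE_TASKS))
    print("negative sample findings:", find_violations(NEGATIVE_TASKS))
```

The check deliberately ignores `loop`: as in the page's samples, a task whose `name` is fixed to the root variable targets the root user on every iteration regardless of the loop items, so the loop does not make the task safe.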