IAM User Has Too Many Access Keys
- Query id: 48677914-6fdf-40ec-80c4-2b0e94079f54
- Query name: IAM User Has Too Many Access Keys
- Platform: CloudFormation
- Severity: Medium
- Category: Insecure Configurations
- CWE: 284
- URL: Github
Description
An IAM user should not have more than one access key, since additional keys increase the risk of unauthorized access and compromised credentials.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: A sample template
Resources:
  myuser:
    Type: AWS::IAM::User
    Properties:
      Path: "/"
      LoginProfile:
        Password: myP@ssW0rd
  firstKey:
    Type: AWS::IAM::AccessKey
    Properties:
      UserName: !Ref myuser
  secondKey:
    Type: AWS::IAM::AccessKey
    Properties:
      UserName: !Ref myuser
```
Positive test num. 2 - json file
```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "A sample template",
  "Resources": {
    "secondKey": {
      "Type": "AWS::IAM::AccessKey",
      "Properties": {
        "UserName": "myuser"
      }
    },
    "myuser": {
      "Type": "AWS::IAM::User",
      "Properties": {
        "LoginProfile": {
          "Password": "myP@ssW0rd"
        },
        "Path": "/"
      }
    },
    "firstKey": {
      "Type": "AWS::IAM::AccessKey",
      "Properties": {
        "UserName": "myuser"
      }
    }
  }
}
```
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: A sample template
Resources:
  myuser:
    Type: AWS::IAM::User
    Properties:
      Path: "/"
      LoginProfile:
        Password: myP@ssW0rd
  firstKey:
    Type: AWS::IAM::AccessKey
    Properties:
      UserName:
        Ref: myuser
```
Negative test num. 2 - json file
```json
{
  "Resources": {
    "myuser": {
      "Type": "AWS::IAM::User",
      "Properties": {
        "Path": "/",
        "LoginProfile": {
          "Password": "myP@ssW0rd"
        }
      }
    },
    "firstKey": {
      "Type": "AWS::IAM::AccessKey",
      "Properties": {
        "UserName": {
          "Ref": "myuser"
        }
      }
    }
  },
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "A sample template"
}
```
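The check described above can be reproduced outside the scanner for a quick pre-commit test. This is an added example, not the query's own implementation: the function names `user_of` and `users_with_too_many_keys` are hypothetical, the two templates are constructed from the JSON samples above, and grouping a literal `UserName` and a `Ref` target under the same string is a simplifying assumption.

```python
import json
from collections import defaultdict

MAX_KEYS_PER_USER = 1  # threshold taken from the rule description


def user_of(key_props):
    """Return the user an AccessKey targets: a literal name or a {"Ref": ...}."""
    name = key_props.get("UserName")
    if isinstance(name, dict):
        return name.get("Ref")  # logical ID of the referenced AWS::IAM::User
    return name if isinstance(name, str) else None


def users_with_too_many_keys(template):
    """Map each offending user to the sorted logical IDs of its access keys."""
    keys_by_user = defaultdict(list)
    for logical_id, res in (template.get("Resources") or {}).items():
        if res.get("Type") != "AWS::IAM::AccessKey":
            continue
        # Assumption: a literal name and a Ref target are compared as plain strings.
        user = user_of(res.get("Properties") or {})
        if user is not None:
            keys_by_user[user].append(logical_id)
    return {u: sorted(k) for u, k in keys_by_user.items()
            if len(k) > MAX_KEYS_PER_USER}


# Constructed inputs, reduced from the JSON samples on this page.
POSITIVE = json.loads("""
{"Resources": {
  "secondKey": {"Type": "AWS::IAM::AccessKey", "Properties": {"UserName": "myuser"}},
  "myuser":    {"Type": "AWS::IAM::User", "Properties": {"Path": "/"}},
  "firstKey":  {"Type": "AWS::IAM::AccessKey", "Properties": {"UserName": "myuser"}}
}}
""")
NEGATIVE = json.loads("""
{"Resources": {
  "myuser":   {"Type": "AWS::IAM::User", "Properties": {"Path": "/"}},
  "firstKey": {"Type": "AWS::IAM::AccessKey",
               "Properties": {"UserName": {"Ref": "myuser"}}}
}}
""")

if __name__ == "__main__":
    for label, tpl in (("positive", POSITIVE), ("negative", NEGATIVE)):
        print(label, users_with_too_many_keys(tpl))
```

YAML templates that use the short-form `!Ref` tag need a loader that understands CloudFormation tags before they can be passed to the same function.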