IAM User Has Too Many Access Keys
- Query id: 3561130e-9c5f-485b-9e16-2764c82763e5
- Query name: IAM User Has Too Many Access Keys
- Platform: Terraform
- Severity: Medium
- Category: Insecure Configurations
- CWE: 284
- URL: Github
Description¶
Any IAM User should not have more than one access key since it increases the risk of unauthorized access and compromise credentials
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "aws_iam_access_key" "positive1" {
user = aws_iam_user.lb.name
pgp_key = "keybase:some_person_that_exists"
}
resource "aws_iam_access_key" "positive2" {
user = aws_iam_user.lb.name
pgp_key = "keybase:some_person_that_exists"
}
resource "aws_iam_user" "lb" {
name = "loadbalancer"
path = "/system/"
}