IAM Access Key Is Exposed

  • Query id: 7081f85c-b94d-40fd-8b45-a4f1cac75e46
  • Query name: IAM Access Key Is Exposed
  • Platform: Terraform
  • Severity: Medium
  • Category: Access Control
  • CWE: 200
  • URL: Github

Description

IAM Access Key should not be active for root users
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "aws_iam_access_key" "positive1" {
  user = "root"
  status = "Active"
}

resource "aws_iam_access_key" "positive2" {
  user = "root"
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "aws_iam_access_key" "negative1" {
  user = "some-user"
}

resource "aws_iam_access_key" "negative2" {
  user = "some-user"
  status = "Active"
}

resource "aws_iam_access_key" "negative3" {
  user = "root"
  status = "Inactive"
}