IAM User With Access To Console

  • Query id: 9ec311bf-dfd9-421f-8498-0b063c8bc552
  • Query name: IAM User With Access To Console
  • Platform: Terraform
  • Severity: Medium
  • Category: Access Control
  • CWE: 732
  • URL: Github

Description

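AWS IAM users should not have access to the console. In Terraform, console access is granted by attaching an aws_iam_user_login_profile resource to the user.

Documentation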

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "aws_iam_user" "example" {
  name          = "example"
  path          = "/"
  force_destroy = true
}

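# The login profile gives the user a console password; it is the only
# difference from the negative test.
resource "aws_iam_user_login_profile" "example_login" {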
  user    = aws_iam_user.example.name
  pgp_key = "keybase:some_person_that_exists"
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "aws_iam_user" "example" {
  name          = "example"
  path          = "/"
  force_destroy = true
}
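
The same check can be run against a rendered plan instead of the .tf source. The following is an added example, not the KICS query itself: it walks a plan in the JSON layout produced by terraform show -json and reports every aws_iam_user_login_profile, including ones declared in child modules. The two plan fragments are constructed to mirror the positive and negative tests above, and module.team and the user "dev" are hypothetical.

```python
import json
import sys

FLAGGED_TYPE = "aws_iam_user_login_profile"

# Constructed plan fragment mirroring the positive test (not real tool output).
POSITIVE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "aws_iam_user.example", "type": "aws_iam_user",
         "values": {"name": "example", "path": "/", "force_destroy": True}},
        {"address": "aws_iam_user_login_profile.example_login",
         "type": FLAGGED_TYPE,
         "values": {"user": "example",
                    "pgp_key": "keybase:some_person_that_exists"}},
    ],
    # Hypothetical child module: login profiles can also be declared here.
    "child_modules": [{"address": "module.team", "resources": [
        {"address": "module.team.aws_iam_user_login_profile.dev",
         "type": FLAGGED_TYPE, "values": {"user": "dev"}},
    ]}],
}}}

# Constructed fragment mirroring the negative test: a user, no login profile.
NEGATIVE_PLAN = {"planned_values": {"root_module": {"resources": [
    {"address": "aws_iam_user.example", "type": "aws_iam_user",
     "values": {"name": "example", "path": "/", "force_destroy": True}},
]}}}


def iter_resources(module):
    """Yield every resource of a module and, recursively, of its children."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_console_users(plan):
    """Return (resource address, IAM user name) for each login profile."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return [(res.get("address"), (res.get("values") or {}).get("user"))
            for res in iter_resources(root)
            if res.get("type") == FLAGGED_TYPE]


if __name__ == "__main__":
    # Usage: python check.py plan.json  (falls back to the constructed sample)
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else POSITIVE_PLAN
    findings = find_console_users(plan)
    for address, user in findings:
        print(f"MEDIUM {address}: console login profile for IAM user {user!r}")
    sys.exit(1 if findings else 0)
```

The non-zero exit status on any finding lets the script gate a CI pipeline step.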