turbot/alicloud_compliance

Control: 1.6 Ensure access keys are rotated every 90 days or less

Description

An access key consists of an access key ID and a secret, which are used to sign programmatic requests that you make to Alibaba Cloud. RAM users need their own access keys to make programmatic calls to Alibaba Cloud from the Alibaba Cloud SDKs, CLIs, or direct HTTP/HTTPS calls using the APIs for individual Alibaba Cloud services. It is recommended that all access keys be regularly rotated.

Remediation

Perform the following to determine if access keys are rotated within 90 days:

From Console

  1. Logon to RAM console.
  2. In the left-side navigation pane, click Users under Identities.
  3. In the User Logon Name/Display Name column, click the username of the target RAM user.
  4. In the User AccessKeys section, click Create AccessKey.
  5. Click OK to create a new AccessKy pair for rotation.
  6. Update all applications and systems to use the new AccessKey pair.
  7. Disable the original AccessKey pair by following below steps:
    • Log on to RAM console.
    • In the left-side navigation pane, click Users under Identities.
    • On the Users page, click username of the target RAM user in the User Logon Name/Display Name column.
    • In the User AccessKeys section, find the target AccessKey pair and click Disable.
  8. Confirm that your applications and systems are working.
  9. Delete the original AccessKey pair by following below steps:
    • Log on to RAM console.
    • In the left-side navigation pane, click Users under Identities.
    • In the User Logon Name/Display Name column, click the username of the target RAM user.
    • In the User AccessKeys section, find the target access keys and Click Delete.
    • In the dialog box that appears, select I am aware of the risk and confirm the deletion.
  10. Click OK.

From Command Line

  • Run the following command to delete an access key:
aliyun ram DeleteAccessKey --UserAccessKeyId <access_key_ID> --UserName <ram_user >
  • Run the following command to disable an active access key:
aliyun ram UpdateAccessKey --UserAccessKeyId <access_key_ID> --Status Inactive --UserName <ram_user>
  • Run the following command to delete an access key:
aliyun ram DeleteAccessKey --UserAccessKeyId <access_key_ID> --UserName <ram_user >

Usage

Run the control in your terminal:

powerpipe control run alicloud_compliance.control.cis_v100_1_6

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_compliance.control.cis_v100_1_6 --share

SQL

This control uses a named query:

ram_user_access_key_rotated_90

Tags