Query: iam_user_one_active_key

Usage

powerpipe query aws_top_10.query.iam_user_one_active_key

Steampipe Tables

aws_iam_access_key

aws_iam_user

SQL

select
  u.arn as resource,
  case
    when count(k.*) > 1 then 'alarm'
    else 'ok'
  end as status,
  u.name || ' has ' || count(k.*) || ' active access key(s).' as reason
  
  , u.account_id
from
  aws_iam_user as u
  left join aws_iam_access_key as k on u.name = k.user_name and u.account_id = k.account_id
where
  k.status = 'Active' or k.status is null
group by
  u.arn,
  u.name,
  u.account_id,
  u.tags,
  u._ctx;

Controls

The query is being used by the following controls:

Ensure there is only one active access key available for any single IAM user