Control: 1.4 Restrict user API key creation and service ID creation in the account via IAM roles
Description
Use IAM settings to restrict user API key creation and service ID (and related API key) creation in the account. Enable both settings to restrict all users in the account from creating user API keys and service IDs except those with an IAM policy that explicitly allows it.
Remediation
From Console
- Log in to IBM Cloud.
- Click Manage -> Access (IAM).
- Click Settings.
- In the Account section of the Settings page, ensure that Restrict API key creation and Restrict service ID creation are enabled.
- Once enabled, only users with the correct IAM policies will be able to create user API keys and service IDs.
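To confirm both settings after remediation, the check can be scripted over the account settings document. This is an added example, not the control's named query or code from this page; it assumes the field names restrict_create_platform_apikey and restrict_create_service_id and the values RESTRICTED, NOT_RESTRICTED and NOT_SET as used by the IBM Cloud IAM Identity account settings API, and the account IDs are constructed.

```python
import json

# Assumption: field names and values follow the IBM Cloud IAM Identity
# account settings document; they do not appear on this page.
CHECKS = {
    "restrict_create_platform_apikey": "Restrict API key creation",
    "restrict_create_service_id": "Restrict service ID creation",
}


def evaluate_account(settings: dict) -> dict:
    """Return an ok/alarm result for one account settings document."""
    failing = []
    for field, label in CHECKS.items():
        # A missing field is treated the same as NOT_SET.
        value = settings.get(field, "NOT_SET")
        # Only an explicit RESTRICTED passes; NOT_SET and NOT_RESTRICTED
        # both leave creation open to every account member.
        if value != "RESTRICTED":
            failing.append(f"{label} is {value}")
    return {
        "resource": settings.get("account_id", "unknown"),
        "status": "alarm" if failing else "ok",
        "reason": "; ".join(failing) or "both restrictions enabled",
    }


def evaluate_all(docs: list) -> list:
    """Evaluate every account settings document in the list."""
    return [evaluate_account(d) for d in docs]


# Constructed sample documents, one per account (not real account IDs).
SAMPLE = json.loads("""
[
  {"account_id": "acct-example-1",
   "restrict_create_platform_apikey": "RESTRICTED",
   "restrict_create_service_id": "RESTRICTED"},
  {"account_id": "acct-example-2",
   "restrict_create_platform_apikey": "RESTRICTED",
   "restrict_create_service_id": "NOT_SET"},
  {"account_id": "acct-example-3",
   "restrict_create_service_id": "NOT_RESTRICTED"}
]
""")

if __name__ == "__main__":
    for result in evaluate_all(SAMPLE):
        print(result)
```

An account passes only when both fields are explicitly RESTRICTED, which matches the control's requirement that both settings be enabled.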
Usage
Run the control in your terminal:
powerpipe control run ibm_compliance.control.cis_v100_1_4
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run ibm_compliance.control.cis_v100_1_4 --share
SQL
This control uses a named query:
iam_restrict_api_key_service_id_creation