certificate_with_auto_renew_enablediam_access_group_with_public_accessiam_account_owner_no_api_keyiam_restrict_api_key_service_id_creationiam_support_center_access_group_configurediam_user_api_key_age_90iam_user_member_of_only_access_groupiam_user_mfa_enabled_alliam_user_with_valid_emailiam_user_with_valid_phoneinternet_service_ddos_protection_activeinternet_service_tls_higher_version_enabledinternet_service_waf_enabledmanual_controlobject_storage_bucket_with_cmkobject_storage_bucket_with_key_protect_enabledvpc_network_acl_restrict_ingress_rdp_allvpc_network_acl_restrict_ingress_ssh_allvpc_security_group_restrict_ingress_rdp_allvpc_security_group_restrict_ingress_ssh_all
Query: iam_user_api_key_age_90
Usage
powerpipe query ibm_compliance.query.iam_user_api_key_age_90Steampipe Tables
SQL
select key.crn as resource, case when key.iam_id like 'iam-ServiceId%' then 'skip' when key.created_at <= (current_date - interval '90' day) then 'alarm' else 'ok' end status, case when key.iam_id like 'iam-ServiceId%' then key.name || ' is a service ID API key.' else u.user_id || ' ' || key.name || ' created ' || to_char(key.created_at , 'DD-Mon-YYYY') || ' (' || extract(day from current_timestamp - key.created_at) || ' days).' end as reason, key.account_idfrom ibm_iam_api_key as key left join ibm_iam_user as u on key.iam_id = u.iam_id;
Controls
The query is being used by the following controls: