Control: IAM user access keys should be rotated at least every 90 days
Description
The credentials are audited for authorized devices, users, and processes by ensuring IAM access keys are rotated as per organizational policy.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.iam_user_access_key_age_90Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.iam_user_access_key_age_90 --shareSQL
This control uses a named query:
select 'arn:' || partition || ':iam::' || account_id || ':user/' || user_name || '/accesskey/' || access_key_id as resource, case when create_date <= (current_date - interval '90' day) then 'alarm' else 'ok' end status, user_name || ' ' || access_key_id || ' created ' || to_char(create_date , 'DD-Mon-YYYY') || ' (' || extract(day from current_timestamp - create_date) || ' days).' as reason , account_idfrom aws_iam_access_key;