Control: IAM user access keys should be rotated at least every 90 days
Description
The credentials are audited for authorized devices, users, and processes by ensuring IAM access keys are rotated as per organizational policy.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.iam_user_access_key_age_90Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.iam_user_access_key_age_90 --shareSQL
This control uses a named query:
select 'arn:' || partition || ':iam::' || account_id || ':user/' || user_name || '/accesskey/' || access_key_id as resource, case when status <> 'Active' then 'skip' when create_date <= (current_date - interval '90' day) then 'alarm' else 'ok' end status, case when status <> 'Active' then user_name || ' ' || access_key_id || ' status is ' || status || '.' else user_name || ' ' || access_key_id || ' created ' || to_char(create_date , 'DD-Mon-YYYY') || ' (' || extract(day from current_timestamp - create_date) || ' days).' end reason , account_idfrom aws_iam_access_key;