Benchmark: 8.2.4: Addition, deletion, and modification of user IDs, authentication factors, and other identifier objects are managed
Description
It is imperative that the lifecycle of a user ID (additions, deletions, and modifications) is controlled so that only authorized accounts can perform functions, actions are auditable, and privileges are limited to only what is required.
Usage
Install the mod:
    mkdir dashboards
    cd dashboards
    powerpipe mod init
    powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
    steampipe service start
    powerpipe server
Open http://localhost:9033 in your browser and select 8.2.4: Addition, deletion, and modification of user IDs, authentication factors, and other identifier objects are managed.
Run this benchmark in your terminal:
    powerpipe benchmark run aws_compliance.benchmark.pci_dss_v40_requirement_8_2_4
Snapshot and share results via Turbot Pipes:
    powerpipe benchmark run aws_compliance.benchmark.pci_dss_v40_requirement_8_2_4 --share
Controls
- EC2 instances should not use key pairs in running state
- IAM groups should have at least one user
- IAM policy should be in use
- IAM root user should not have access keys
- IAM users should be in at least one group
- Ensure a log metric filter and alarm exist for usage of 'root' account