Powerpipe Detection Mods →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-aws-top-10
Overview
1Dashboards
62Benchmarks
5Queries
11Variables
GitHub

Control: Ensure there is only one active access key available for any single IAM user

Description

Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK).

Usage

Run the control in your terminal:

powerpipe control run aws_top_10.control.iam_user_one_active_key

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_top_10.control.iam_user_one_active_key --share

SQL

This control uses a named query:

select
  u.arn as resource,
  case
    when count(k.*) > 1 then 'alarm'
    else 'ok'
  end as status,
  u.name || ' has ' || count(k.*) || ' active access key(s).' as reason
  
  , u.account_id
from
  aws_iam_user as u
  left join aws_iam_access_key as k on u.name = k.user_name and u.account_id = k.account_id
where
  k.status = 'Active' or k.status is null
group by
  u.arn,
  u.name,
  u.account_id,
  u.tags,
  u._ctx;

Tags

plugin = aws
service = AWS/IAM