cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Ask the community

A Real-World Look at AWS Best Practices: IAM User Accounts

rcanzanese
Netskope
Netskope
โ€Ž05-07-2021 06:44 AM

In our latest blog, we explore IAM best practices and AWS and highlight two findings:

 

  1. The majority of organizations don't enforce access key rotation for their IAM users.
  2. The majority of organizations aren't deleting inactive IAM accounts.

We access keys that were nearly a decade old and many IAM accounts that hadn't been used in over a year, exposing a lot of risk surface that can likely be locked down.  How can you identify these old access keys and inactive IAM accounts? We have two Security Assessment rules that can help:

 

Remove/disable inactive user accounts within 90 days

rcanzanese_0-1620394398970.png

 

Remote access: Ensure access keys unused for 90 days or greater are disabled

rcanzanese_1-1620394491833.png

 

Once the rules have run, you will see the results in your compliance report.

rcanzanese_2-1620394781174.png

 

Oops, I have a couple of  users in this AWS account that require some cleanup! I'll just follow the remediation guidance to ensure those two rules are marked green next time around. 

rcanzanese_3-1620395048876.png

Labels:
Comment

Popular Articles

Here are some of the popular articles from this blog.

cover-image

By Bharath-Murali

Introducing the new "Notification Portal" !!! View More
cover-image

By borisgekhtman

Netskope Private Access for Windows Autopilot View More

In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below

Sign In